Multi-User Applications
On this page
Atlas Device SDK allows multiple users to be logged in to an app simultaneously on a given device. Client applications run in the context of a single active user even if multiple users are logged in simultaneously. You can quickly switch between authenticated users without requiring them to log in again.
Important
C++ does not currently support multi-user applications.
Important
Any logged-in user may become the active user without re-authenticating. Depending on your app, this may be a security vulnerability. For example, a user on a shared device may switch to a coworker's logged in account without providing their credentials or requiring their explicit permission. If your application requires stricter authentication, avoid switching between users and prefer to explicitly log the active user out before authenticating another user.
User Account States
When a user first logs in through Atlas App Services on a given device or browser, the SDK saves the user's information and keeps track of the user's state on the device. The user's data remains on the device, even if they log out, unless you actively remove the user.
The following states describe an on-device user at any given time:
Authenticated: any user that has logged in on the device and has not logged out or had its session revoked.
Active: a single authenticated user that is currently using the app on a given device. The SDK associates this user with outgoing requests and Atlas evaluates data access permissions and runs Functions in this user's context. See active user for more information.
Inactive: all authenticated users that are not the current active user. You switch the active user to a currently inactive user at any time.
Logged Out: any user that authenticated on the device but has since logged out or had their session revoked.
The following diagram shows how users within a client app transition between states when certain events occur:
Check User State
The SDK provides a property you can check to determine the user's current state.
Add a New User to the Device
The SDK automatically adds users to a device when they log in for the first time on that device. When a user logs in, they immediately become the application's active user. For details about authenticating a user, refer to Authenticate Users.
List All Users on the Device
You can access a list of all user accounts that are stored on the device. This list includes all users that have logged in to the app on a given device regardless of whether they are currently authenticated.
Get the Active User
You can get the current active user in your app. If multiple users are
logged in, this returns the last valid user that logged in to the device. This
method returns the language's implementation of nil or null if there
are no logged-in users.
Change the Active User
You can change an app's active user to another logged-in user at any time.
Log a User Out
You can log a logged-in user out of an app. Once logged out, the user is still stored on the device but must log back in to use the app. If another logged-in user exists on the device, logging a user out automatically sets the remaining logged-in user as the active user.
For more information, refer to Log a User Out.
Remove a User from the Device
You can remove all information about a user from the device and automatically log the user out. Once removed, the user must re-authenticate to use the app again. This does not delete the user from Atlas. If another logged-in user exists on the device, removing a user out automatically sets the remaining logged-in user as the active user.
For more information on removing and deleting users, refer to Create, Delete, and Remove Users.