This post describes how to check concurrent sessions. Then configure that to check if the session count is 0, may need some tweaking if you need to support re-authentication, because at that point you have a session running already and would be denied.
Also, this won't block the login to the computer, just the network access. But you could put a captive portal to explain that the user first needs to sign out all other sessions. Not sure if ClearPass is the best place to do this, as if you can do this in the domain it would probably be better.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Mar 08, 2023 09:57 AM
From: nilesh.wagh@sunway-digital.com
Subject: AD user concurrent login on workstations
Hi team,
My customer has below requirement , whether this is achievable from ClearPass. Could you please advise.
1. If one AD user logins to domain system concurrently he cannot login to another domain system.
2. if he logouts from first system, then he can login to another domain system.