Skip to main content
A session is the sign-in for one browser, IDE, or device. Each session is scoped to one active organization at a time; everything you see in the UI is read in that organization’s scope. Sign in on a second device and you get a second session — independent of the first. API keys are not sessions. Automation should use an API key, not your personal session — see API keys.

View your active sessions

Open the account menu (your avatar, top right), choose Profile, then open the Security tab. The Active sessions card lists every device currently signed in to your account. Each row shows:
  • The device or browser (user agent), or Unknown device if it wasn’t reported.
  • The IP address it signed in from, or No IP if it wasn’t reported.
  • When the session was created.
  • A Current session marker on the one you’re using right now.
The list refreshes on its own while the card is open.

Revoke a session

Use Revoke on any row that isn’t your current session to sign that device out immediately — do this for a shared computer, a lost laptop, or an entry you don’t recognize. To sign out every other device at once, use Sign out everywhere else at the top of the card. Your current session stays active. You can’t revoke your current session from this card. To end it, use Sign out from the account menu.

Change your password

On the same Security tab, the Change password card asks for your current password and a new one (at least 8 characters). Saving a new password automatically signs out all your other sessions, so anyone using a stale copy of your account is dropped.

Switch active organization

If you belong to more than one organization, open the account menu and pick a different one under Organization (the current one has a checkmark). The page reloads its data in the new organization’s scope; your session stays the same, only its scope changes. Open tabs show the new organization’s data on their next refresh.

Sign out

Choose Sign out from the account menu. This ends your current session on this device only. Your other devices stay signed in until they’re revoked or expire on their own.

If you forgot your password

When your deployment has email configured, the sign-in page shows a Forgot password? link. Choose it, enter your email, and follow the Send reset link flow. The link takes you to a page where you set a new password. If the link isn’t shown, email recovery isn’t available for your deployment — contact your Novacula platform administrator, who can set a password for you directly. If you’re already signed in and just want to rotate your password, use Change password on the Security tab of your Profile instead — no email needed, and it signs out your other sessions in the process.

Security checklist

  • Revoke any session you don’t recognize, then change your password.
  • Never paste a session cookie or token into a chat, ticket, or screenshot.
  • Use API keys for scripts and integrations, not your personal session.