Managing User Sessions - Different Session Timeout Times for Different Groups/Roles

02-19-2020 10:14 AM
Currently we have overridden the default glide.ui.session_timeout sys_properties value to be many hours instead of the default 30 minutes.
We will soon be bringing on many more fulfillers to our environments; some of them will be given access to sensitive information through groups/roles/ACLs. The majority of our fulfillers will not have access to this information and we want to keep the extended timeout session.
I've read over the Managing User Sessions docs here, but I'm curious if there is any way we can set a different session timeout length for only users who are a part of certain groups. The users that have access to the sensitive data need to be timed out frequently (~15 minutes of inactivity).
I don't see a way to do it via system properties, so maybe there is a way to run some sort of job every X amount of time or something and force their logouts if their inactivity is over X time?

02-19-2020 04:46 PM
Interesting question! There is no way out of the box but, with some effort, I believe the answer is: Yes!
You could run a scheduled job that checks the v_user_session table for logged in users. Then, check to see when the last transaction occurred for that user using the syslog_transaction table. If the last transaction is older than your threshold, then - give the user the boot!
You would need to tweak the process to keep performance from being an issue, depending on how many logged in users you have on average. You could run this as a scheduled job every minute, or you could adjust the timeout check to something like 10 minutes and then run the scheduled job every 5, etc.
Note, this line:
httpSession.setAttribute("locked_out", "true");
This is the same as if you were on the logged in users list, opened a user and clicked the "lock out session" button. It does not lock the user out, it just ends the session!
I excluded "admin" by default as I was testing on a PDI with admin and another user in an incognito window.
Obviously, test this extensively in sub-prod!
var matches = [];
var li_users = new GlideRecord('v_user_session');
li_users.addQuery('user!=admin');
li_users.query();
while (li_users.next()) {
    matches.push(li_users.getValue('user'));
}
//these are the users that matched the first pass
gs.print(matches);
//Now lets see when the last transaction occurred
var matches2 = [];
var transactions;
for (var a = 0; a < matches.length; a++) {
    transactions = new GlideRecord('syslog_transaction');
    transactions.addEncodedQuery('client_transaction=true^sys_created_onRELATIVEGE@minute@ago@15^sys_created_by=' + matches[a]); //adjust the timeout period here
    transactions.setLimit(1); //one row is enough to know the user was active
    transactions.query();
    if (transactions.next()) {
        //this means the user has logged a transaction within the window so consider him active
    } else {
        //otherwise, we move on to round 3
        matches2.push(matches[a].toString());
    }
}
//Here you need to define your criteria for users and check to see if they match
//If they match, they are about to be logged off!
//My Example is if the user has the role "itil"
var giveTheBoot = [];
var getRoles;
for (var i = 0; i < matches2.length; i++) {
    gs.print('matches2=' + matches2[i]);
    getRoles = new GlideRecord('sys_user_has_role');
    getRoles.addQuery('user.user_name', matches2[i]);
    getRoles.addQuery('role.name', 'itil'); //Define the role here for example
    getRoles.query();
    while (getRoles.next()) {
        if (getRoles.role.name.toString() === 'itil') {
            gs.print(getRoles.sys_id + i);
            giveTheBoot.push(matches2[i].toString());
        }
    }
}
gs.print("Giving the boot to: " + giveTheBoot);
var sessions = GlideSessions.get().getLoggedInSessionList();
var sessionList = sessions.iterator();
while (sessionList.hasNext()) {
    var session = sessionList.next();
    for (var b = 0; b < giveTheBoot.length; b++) {
        if (session.getUser() == giveTheBoot[b]) {
            gs.print(session.getUser() + ' / ' + giveTheBoot[b]);
            var httpSession = session.getHS();
            //I know how this looks, but it does NOT lock the user out - just ends the session!
            httpSession.setAttribute("locked_out", "true");
        }
    }
}
I've wondered about this possibility in the past but never got around to actually trying it out. Hope it helps!
If this was helpful or correct, please be kind and remember to click appropriately! Michael Jones - Proud member of the CloudPires team!
Michael D. Jones
Proud member of the GlideFast Consulting Team!
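
The selection step of the scheduled job above, written as an added example that is not part of the original post: plain JavaScript with no Glide API calls, so the "who gets timed out" decision can be tested outside an instance. It goes beyond the single-role case in the post by allowing a different idle limit per role, with the strictest limit applying; the `sensitive_hr` role, the function names and all sample rows are constructed assumptions.

```javascript
// Added example: decision logic only, no Glide API calls. Names and data are constructed.
const MIN = 60 * 1000;
const NOW = Date.UTC(2020, 1, 19, 17, 0, 0);

// Idle limit in minutes per role. 'itil' is the role used in the post;
// 'sensitive_hr' is a hypothetical second role with a tighter limit.
const LIMITS = new Map([['itil', 15], ['sensitive_hr', 5]]);

// Constructed sample input standing in for the three table lookups in the post.
const SESSIONS = [
  { id: 'S1', user: 'admin' }, { id: 'S2', user: 'alice' }, { id: 'S3', user: 'alice' },
  { id: 'S4', user: 'bob' },   { id: 'S5', user: 'carol' }, { id: 'S6', user: 'dave' },
  { id: 'S7', user: 'erin' },
];
const ROLES = { admin: ['admin', 'itil'], alice: ['itil'], bob: ['report_viewer'],
                carol: ['itil', 'sensitive_hr'], dave: ['itil'], erin: ['itil'] };
const LAST_TXN = { admin: NOW - 90 * MIN, alice: NOW - 20 * MIN, bob: NOW - 300 * MIN,
                   carol: NOW - 7 * MIN, dave: NOW - 3 * MIN }; // erin: no row found

// Strictest limit among the user's roles, or null when no restricted role applies.
function idleLimitFor(roles, limits) {
  const hits = roles.filter((r) => limits.has(r)).map((r) => limits.get(r));
  return hits.length ? Math.min(...hits) : null;
}

// Returns the sessions to end. Every session of an idle restricted user is listed,
// because activity is tracked per user, not per session, as in the post's script.
function sessionsToEnd(sessions, rolesOf, lastTxn, limits, nowMs, exempt) {
  const out = [];
  for (const s of sessions) {
    if (exempt.includes(s.user)) continue;
    const limit = idleLimitFor(rolesOf[s.user] || [], limits);
    if (limit === null) continue; // unrestricted users keep the long instance timeout
    const last = lastTxn[s.user];
    // No transaction row counts as idle, matching the post's else branch.
    const idleMin = last === undefined ? Infinity : (nowMs - last) / MIN;
    if (idleMin > limit) out.push({ id: s.id, user: s.user, limitMin: limit, idleMin });
  }
  return out;
}

const ended = sessionsToEnd(SESSIONS, ROLES, LAST_TXN, LIMITS, NOW, ['admin']);
console.log(ended.map((e) => `${e.id} ${e.user} idle>${e.limitMin}m`).join('\n'));
```
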