Skip to Main Content
Status Under review
Created by Andrew Chavez
Created on Nov 7, 2022

RingCentral App Active Logins (Security Risk)

As far as I can tell, changing the credentials of any user does not automatically log people out of their RingCentral App. This includes any active logins into their mobile app or home computers.

At our business, we sign into our RC apps through Google. When we have to let people go, I'll have to change their credentials through Google Workspace.

I didn't realize until today that none of our ex employees get prompted to login after getting kicked out. If I change their password or username or even the name on their extension, none of these will trigger a prompt to log in.

Anyone who had previously loged in with either RC Credentials or Google Credentials never get kicked off the RC App. Currently there is no way to remove these people from trusted logins. This is a huge security risk for my firm. We communicate with many clients using RingCentral, if we fire a bad actor they could be referring clients to competitiors or feeding them incorrect information.

We could have many active log ins for ex-employees and it's currently unknown who had and who has access to our current list of clients and communcations.

Please add in a way to revoke access to RingCentral to individual devices immediately. This is a feature in Dropbox, Google, and many other services.

  • James Peterson
    May 19, 2023

    Same goes when adding custom role removing the mobile app access for users. Even after applying the new role the user still has access to the mobile app since they were previously logged in already.

  • Elizabeth Witte
    Nov 8, 2022

    Voted on this - this is also critical for Healthcare and IT Organizations.