diff --git a/application/account-management/Api/Endpoints/AuthenticationEndpoints.cs b/application/account-management/Api/Endpoints/AuthenticationEndpoints.cs
index 208ea6572..5107357e6 100644
--- a/application/account-management/Api/Endpoints/AuthenticationEndpoints.cs
+++ b/application/account-management/Api/Endpoints/AuthenticationEndpoints.cs
@@ -4,6 +4,7 @@
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Commands;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
 using PlatformPlatform.SharedKernel.ApiResults;
+using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Endpoints;
 
 namespace PlatformPlatform.AccountManagement.Api.Endpoints;
@@ -40,6 +41,10 @@ public void MapEndpoints(IEndpointRouteBuilder routes)
             => await mediator.Send(query)
         ).Produces<UserSessionsResponse>();
 
+        group.MapDelete("/sessions/{id}", async Task<ApiResult> (SessionId id, IMediator mediator)
+            => await mediator.Send(new RevokeSessionCommand { Id = id })
+        );
+
         // Note: This endpoint must be called with the refresh token as Bearer token in the Authorization header
         routes.MapPost("/internal-api/account-management/authentication/refresh-authentication-tokens", async Task<ApiResult> (IMediator mediator)
             => await mediator.Send(new RefreshAuthenticationTokensCommand())
diff --git a/application/account-management/Core/Features/Authentication/Commands/RevokeSession.cs b/application/account-management/Core/Features/Authentication/Commands/RevokeSession.cs
new file mode 100644
index 000000000..732baee48
--- /dev/null
+++ b/application/account-management/Core/Features/Authentication/Commands/RevokeSession.cs
@@ -0,0 +1,54 @@
+using JetBrains.Annotations;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
+using PlatformPlatform.AccountManagement.Features.Users.Domain;
+using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+using PlatformPlatform.SharedKernel.Cqrs;
+using PlatformPlatform.SharedKernel.ExecutionContext;
+using PlatformPlatform.SharedKernel.Telemetry;
+
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Commands;
+
+[PublicAPI]
+public sealed record RevokeSessionCommand : ICommand, IRequest<Result>
+{
+    [JsonIgnore]
+    public SessionId Id { get; init; } = null!;
+}
+
+public sealed class RevokeSessionHandler(
+    ISessionRepository sessionRepository,
+    IUserRepository userRepository,
+    IExecutionContext executionContext,
+    ITelemetryEventsCollector events,
+    TimeProvider timeProvider
+) : IRequestHandler<RevokeSessionCommand, Result>
+{
+    public async Task<Result> Handle(RevokeSessionCommand command, CancellationToken cancellationToken)
+    {
+        var userEmail = executionContext.UserInfo.Email!;
+
+        var session = await sessionRepository.GetByIdUnfilteredAsync(command.Id, cancellationToken);
+        if (session is null)
+        {
+            return Result.NotFound($"Session with id '{command.Id}' not found.");
+        }
+
+        var sessionUser = await userRepository.GetByIdUnfilteredAsync(session.UserId, cancellationToken);
+        if (sessionUser?.Email != userEmail)
+        {
+            return Result.Forbidden("You can only revoke your own sessions.");
+        }
+
+        if (session.IsRevoked)
+        {
+            return Result.BadRequest($"Session with id '{command.Id}' is already revoked.");
+        }
+
+        session.Revoke(timeProvider.GetUtcNow(), SessionRevokedReason.Revoked);
+        sessionRepository.Update(session);
+
+        events.CollectEvent(new SessionRevoked(SessionRevokedReason.Revoked));
+
+        return Result.Success();
+    }
+}
diff --git a/application/account-management/Core/Features/Authentication/Commands/SwitchTenant.cs b/application/account-management/Core/Features/Authentication/Commands/SwitchTenant.cs
index fc9c5b32b..19f322c10 100644
--- a/application/account-management/Core/Features/Authentication/Commands/SwitchTenant.cs
+++ b/application/account-management/Core/Features/Authentication/Commands/SwitchTenant.cs
@@ -47,6 +47,25 @@ public async Task<Result> Handle(SwitchTenantCommand command, CancellationToken
             await CopyProfileDataFromCurrentUser(targetUser, cancellationToken);
         }
 
+        var currentSessionId = executionContext.UserInfo.SessionId;
+        var currentSession = await sessionRepository.GetByIdUnfilteredAsync(currentSessionId!, cancellationToken);
+        if (currentSession is null)
+        {
+            logger.LogWarning("Current session '{SessionId}' not found", currentSessionId);
+            return Result.Unauthorized("Current session not found.");
+        }
+
+        if (currentSession.IsRevoked)
+        {
+            logger.LogWarning("Current session '{SessionId}' is already revoked", currentSessionId);
+            return Result.Unauthorized("Session has been revoked.");
+        }
+
+        var now = timeProvider.GetUtcNow();
+        currentSession.Revoke(now, SessionRevokedReason.SwitchTenant);
+        sessionRepository.Update(currentSession);
+        events.CollectEvent(new SessionRevoked(SessionRevokedReason.SwitchTenant));
+
         var userAgent = httpContextAccessor.HttpContext?.Request.Headers.UserAgent.ToString() ?? string.Empty;
         var ipAddress = executionContext.ClientIpAddress;
 
@@ -54,7 +73,7 @@ public async Task<Result> Handle(SwitchTenantCommand command, CancellationToken
         await sessionRepository.AddAsync(session, cancellationToken);
 
         var userInfo = await userInfoFactory.CreateUserInfoAsync(targetUser, cancellationToken, session.Id);
-        authenticationTokenService.CreateAndSetAuthenticationTokens(userInfo, session.Id, session.RefreshTokenJti);
+        authenticationTokenService.CreateAndSetAuthenticationTokens(userInfo, session.Id, session.RefreshTokenJti, currentSession.ExpiresAt);
 
         events.CollectEvent(new SessionCreated(session.Id));
         events.CollectEvent(new TenantSwitched(executionContext.TenantId!, command.TenantId, targetUser.Id));
diff --git a/application/account-management/Core/Features/Authentication/Domain/Session.cs b/application/account-management/Core/Features/Authentication/Domain/Session.cs
index 9b1d234ac..6dce6a2da 100644
--- a/application/account-management/Core/Features/Authentication/Domain/Session.cs
+++ b/application/account-management/Core/Features/Authentication/Domain/Session.cs
@@ -42,6 +42,8 @@ private Session(TenantId tenantId, UserId userId, DeviceType deviceType, string
 
     public bool IsRevoked => RevokedAt is not null;
 
+    public DateTimeOffset ExpiresAt => CreatedAt.AddHours(RefreshTokenGenerator.ValidForHours);
+
     public TenantId TenantId { get; }
 
     public static Session Create(TenantId tenantId, UserId userId, string userAgent, IPAddress ipAddress)
diff --git a/application/account-management/Core/Features/Authentication/Domain/SessionRepository.cs b/application/account-management/Core/Features/Authentication/Domain/SessionRepository.cs
index 67705c45f..c286d034b 100644
--- a/application/account-management/Core/Features/Authentication/Domain/SessionRepository.cs
+++ b/application/account-management/Core/Features/Authentication/Domain/SessionRepository.cs
@@ -15,6 +15,12 @@ public interface ISessionRepository : ICrudRepository<Session, SessionId>
     Task<Session?> GetByIdUnfilteredAsync(SessionId sessionId, CancellationToken cancellationToken);
 
     Task<Session[]> GetActiveSessionsForUserAsync(UserId userId, CancellationToken cancellationToken);
+
+    /// <summary>
+    ///     Retrieves all active sessions for multiple users across all tenants without applying query filters.
+    ///     This method should only be used in the Sessions dialog where users need to see all sessions for their email.
+    /// </summary>
+    Task<Session[]> GetActiveSessionsForUsersUnfilteredAsync(UserId[] userIds, CancellationToken cancellationToken);
 }
 
 public sealed class SessionRepository(AccountManagementDbContext accountManagementDbContext)
@@ -32,4 +38,13 @@ public async Task<Session[]> GetActiveSessionsForUserAsync(UserId userId, Cancel
             .ToArrayAsync(cancellationToken);
         return sessions.OrderByDescending(s => s.ModifiedAt ?? s.CreatedAt).ToArray();
     }
+
+    public async Task<Session[]> GetActiveSessionsForUsersUnfilteredAsync(UserId[] userIds, CancellationToken cancellationToken)
+    {
+        var sessions = await DbSet
+            .IgnoreQueryFilters()
+            .Where(s => userIds.AsEnumerable().Contains(s.UserId) && s.RevokedAt == null)
+            .ToArrayAsync(cancellationToken);
+        return sessions.OrderByDescending(s => s.ModifiedAt ?? s.CreatedAt).ToArray();
+    }
 }
diff --git a/application/account-management/Core/Features/Authentication/Domain/SessionTypes.cs b/application/account-management/Core/Features/Authentication/Domain/SessionTypes.cs
index 8b7a427fa..e8730abf9 100644
--- a/application/account-management/Core/Features/Authentication/Domain/SessionTypes.cs
+++ b/application/account-management/Core/Features/Authentication/Domain/SessionTypes.cs
@@ -17,5 +17,7 @@ public enum DeviceType
 public enum SessionRevokedReason
 {
     LoggedOut,
-    ReplayAttackDetected
+    Revoked,
+    ReplayAttackDetected,
+    SwitchTenant
 }
diff --git a/application/account-management/Core/Features/Authentication/Queries/GetUserSessions.cs b/application/account-management/Core/Features/Authentication/Queries/GetUserSessions.cs
index f23f190a2..a4046d12a 100644
--- a/application/account-management/Core/Features/Authentication/Queries/GetUserSessions.cs
+++ b/application/account-management/Core/Features/Authentication/Queries/GetUserSessions.cs
@@ -1,5 +1,7 @@
 using JetBrains.Annotations;
 using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
+using PlatformPlatform.AccountManagement.Features.Tenants.Domain;
+using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.ExecutionContext;
@@ -20,18 +22,30 @@ public sealed record UserSessionInfo(
     string UserAgent,
     string IpAddress,
     DateTimeOffset LastActivityAt,
-    bool IsCurrent
+    bool IsCurrent,
+    string TenantName
 );
 
-public sealed class GetUserSessionsHandler(ISessionRepository sessionRepository, IExecutionContext executionContext)
-    : IRequestHandler<GetUserSessionsQuery, Result<UserSessionsResponse>>
+public sealed class GetUserSessionsHandler(
+    ISessionRepository sessionRepository,
+    IUserRepository userRepository,
+    ITenantRepository tenantRepository,
+    IExecutionContext executionContext
+) : IRequestHandler<GetUserSessionsQuery, Result<UserSessionsResponse>>
 {
     public async Task<Result<UserSessionsResponse>> Handle(GetUserSessionsQuery query, CancellationToken cancellationToken)
     {
-        var userId = executionContext.UserInfo.Id!;
+        var userEmail = executionContext.UserInfo.Email!;
         var currentSessionId = executionContext.UserInfo.SessionId;
 
-        var sessions = await sessionRepository.GetActiveSessionsForUserAsync(userId, cancellationToken);
+        var users = await userRepository.GetUsersByEmailUnfilteredAsync(userEmail, cancellationToken);
+        var userIds = users.Select(u => u.Id).ToArray();
+
+        var sessions = await sessionRepository.GetActiveSessionsForUsersUnfilteredAsync(userIds, cancellationToken);
+
+        var tenantIds = sessions.Select(s => s.TenantId).Distinct().ToArray();
+        var tenants = await tenantRepository.GetByIdsAsync(tenantIds, cancellationToken);
+        var tenantLookup = tenants.ToDictionary(t => t.Id, t => t.Name);
 
         var sessionInfos = sessions.Select(s => new UserSessionInfo(
                 s.Id,
@@ -40,7 +54,8 @@ public async Task<Result<UserSessionsResponse>> Handle(GetUserSessionsQuery quer
                 s.UserAgent,
                 s.IpAddress,
                 s.ModifiedAt ?? s.CreatedAt,
-                currentSessionId is not null && s.Id == currentSessionId
+                currentSessionId is not null && s.Id == currentSessionId,
+                tenantLookup.GetValueOrDefault(s.TenantId) ?? string.Empty
             )
         ).ToArray();
 
diff --git a/application/account-management/Tests/Authentication/GetUserSessionsTests.cs b/application/account-management/Tests/Authentication/GetUserSessionsTests.cs
index a35a81b1d..c8fa5c3ef 100644
--- a/application/account-management/Tests/Authentication/GetUserSessionsTests.cs
+++ b/application/account-management/Tests/Authentication/GetUserSessionsTests.cs
@@ -4,6 +4,7 @@
 using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.Authentication.Queries;
 using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+using PlatformPlatform.SharedKernel.Domain;
 using PlatformPlatform.SharedKernel.Tests;
 using PlatformPlatform.SharedKernel.Tests.Persistence;
 using Xunit;
@@ -75,6 +76,34 @@ public async Task GetUserSessions_ShouldNotReturnOtherUserSessions()
         responseBody.Sessions.Should().Contain(s => s.Id == DatabaseSeeder.Tenant1OwnerSession.Id);
     }
 
+    [Fact]
+    public async Task GetUserSessions_ShouldReturnSessionsAcrossAllTenants()
+    {
+        // Arrange
+        var tenant2Name = "Tenant 2";
+        var tenant2Id = InsertTenant(tenant2Name);
+        var user2Id = UserId.NewId();
+        InsertUser(tenant2Id, user2Id, DatabaseSeeder.Tenant1Owner.Email);
+        var tenant2SessionId = InsertSession(tenant2Id, user2Id);
+
+        // Act
+        var response = await AuthenticatedOwnerHttpClient.GetAsync("/api/account-management/authentication/sessions");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+        var responseBody = await response.DeserializeResponse<UserSessionsResponse>();
+        responseBody.Should().NotBeNull();
+        responseBody.Sessions.Length.Should().Be(2);
+        responseBody.Sessions.Should().Contain(s => s.Id == DatabaseSeeder.Tenant1OwnerSession.Id);
+        responseBody.Sessions.Should().Contain(s => s.Id == new SessionId(tenant2SessionId));
+
+        var tenant1Session = responseBody.Sessions.Single(s => s.Id == DatabaseSeeder.Tenant1OwnerSession.Id);
+        tenant1Session.TenantName.Should().Be(DatabaseSeeder.Tenant1.Name);
+
+        var tenant2Session = responseBody.Sessions.Single(s => s.Id == new SessionId(tenant2SessionId));
+        tenant2Session.TenantName.Should().Be(tenant2Name);
+    }
+
     [Fact]
     public async Task GetUserSessions_ShouldNotReturnRevokedSessions()
     {
@@ -94,6 +123,45 @@ public async Task GetUserSessions_ShouldNotReturnRevokedSessions()
         responseBody.Sessions.Should().Contain(s => s.Id == DatabaseSeeder.Tenant1OwnerSession.Id);
     }
 
+    private long InsertTenant(string name)
+    {
+        var tenantId = TenantId.NewId().Value;
+        var now = TimeProvider.System.GetUtcNow();
+
+        Connection.Insert("Tenants", [
+                ("Id", tenantId),
+                ("CreatedAt", now),
+                ("ModifiedAt", null),
+                ("Name", name),
+                ("State", "Active"),
+                ("Logo", """{"Url":null,"Version":0}""")
+            ]
+        );
+
+        return tenantId;
+    }
+
+    private void InsertUser(long tenantId, UserId userId, string email)
+    {
+        var now = TimeProvider.System.GetUtcNow();
+
+        Connection.Insert("Users", [
+                ("TenantId", tenantId),
+                ("Id", userId.ToString()),
+                ("CreatedAt", now),
+                ("ModifiedAt", null),
+                ("Email", email),
+                ("EmailConfirmed", true),
+                ("FirstName", "Test"),
+                ("LastName", "User"),
+                ("Title", null),
+                ("Avatar", """{"Url":null,"Version":0,"IsGravatar":false}"""),
+                ("Role", "Owner"),
+                ("Locale", "en-US")
+            ]
+        );
+    }
+
     private string InsertSession(long tenantId, string userId, bool isRevoked = false)
     {
         var sessionId = SessionId.NewId().ToString();
diff --git a/application/account-management/Tests/Authentication/RevokeSessionTests.cs b/application/account-management/Tests/Authentication/RevokeSessionTests.cs
new file mode 100644
index 000000000..695ead843
--- /dev/null
+++ b/application/account-management/Tests/Authentication/RevokeSessionTests.cs
@@ -0,0 +1,118 @@
+using System.Net;
+using FluentAssertions;
+using PlatformPlatform.AccountManagement.Database;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
+using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+using PlatformPlatform.SharedKernel.Tests;
+using PlatformPlatform.SharedKernel.Tests.Persistence;
+using Xunit;
+
+namespace PlatformPlatform.AccountManagement.Tests.Authentication;
+
+public sealed class RevokeSessionTests : EndpointBaseTest<AccountManagementDbContext>
+{
+    [Fact]
+    public async Task RevokeSession_WhenValid_ShouldRevokeSession()
+    {
+        // Arrange
+        var sessionId = InsertSession(DatabaseSeeder.Tenant1Owner.TenantId, DatabaseSeeder.Tenant1Owner.Id);
+
+        // Act
+        var response = await AuthenticatedOwnerHttpClient.DeleteAsync($"/api/account-management/authentication/sessions/{sessionId}");
+
+        // Assert
+        response.ShouldHaveEmptyHeaderAndLocationOnSuccess();
+        object[] parameters = [new { id = sessionId }];
+        Connection.ExecuteScalar<string>("SELECT RevokedAt FROM Sessions WHERE Id = @id", parameters).Should().NotBeNull();
+        Connection.ExecuteScalar<string>("SELECT RevokedReason FROM Sessions WHERE Id = @id", parameters).Should().Be("Revoked");
+
+        TelemetryEventsCollectorSpy.CollectedEvents.Count.Should().Be(1);
+        TelemetryEventsCollectorSpy.CollectedEvents[0].GetType().Name.Should().Be("SessionRevoked");
+        TelemetryEventsCollectorSpy.CollectedEvents[0].Properties["event.reason"].Should().Be("Revoked");
+        TelemetryEventsCollectorSpy.AreAllEventsDispatched.Should().BeTrue();
+    }
+
+    [Fact]
+    public async Task RevokeSession_WhenSessionNotFound_ShouldReturnNotFound()
+    {
+        // Arrange
+        var nonExistentSessionId = SessionId.NewId();
+
+        // Act
+        var response = await AuthenticatedOwnerHttpClient.DeleteAsync($"/api/account-management/authentication/sessions/{nonExistentSessionId}");
+
+        // Assert
+        await response.ShouldHaveErrorStatusCode(HttpStatusCode.NotFound, $"Session with id '{nonExistentSessionId}' not found.");
+
+        TelemetryEventsCollectorSpy.CollectedEvents.Should().BeEmpty();
+    }
+
+    [Fact]
+    public async Task RevokeSession_WhenSessionBelongsToOtherUser_ShouldReturnForbidden()
+    {
+        // Arrange
+        var otherUserSessionId = InsertSession(DatabaseSeeder.Tenant1Member.TenantId, DatabaseSeeder.Tenant1Member.Id);
+
+        // Act
+        var response = await AuthenticatedOwnerHttpClient.DeleteAsync($"/api/account-management/authentication/sessions/{otherUserSessionId}");
+
+        // Assert
+        await response.ShouldHaveErrorStatusCode(HttpStatusCode.Forbidden, "You can only revoke your own sessions.");
+
+        TelemetryEventsCollectorSpy.CollectedEvents.Should().BeEmpty();
+    }
+
+    [Fact]
+    public async Task RevokeSession_WhenSessionAlreadyRevoked_ShouldReturnBadRequest()
+    {
+        // Arrange
+        var sessionId = InsertSession(DatabaseSeeder.Tenant1Owner.TenantId, DatabaseSeeder.Tenant1Owner.Id, true);
+
+        // Act
+        var response = await AuthenticatedOwnerHttpClient.DeleteAsync($"/api/account-management/authentication/sessions/{sessionId}");
+
+        // Assert
+        await response.ShouldHaveErrorStatusCode(HttpStatusCode.BadRequest, $"Session with id '{sessionId}' is already revoked.");
+
+        TelemetryEventsCollectorSpy.CollectedEvents.Should().BeEmpty();
+    }
+
+    [Fact]
+    public async Task RevokeSession_WhenNotAuthenticated_ShouldReturnUnauthorized()
+    {
+        // Arrange
+        var sessionId = SessionId.NewId();
+
+        // Act
+        var response = await AnonymousHttpClient.DeleteAsync($"/api/account-management/authentication/sessions/{sessionId}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+    }
+
+    private string InsertSession(long tenantId, string userId, bool isRevoked = false)
+    {
+        var sessionId = SessionId.NewId().ToString();
+        var jti = RefreshTokenJti.NewId().ToString();
+        var now = TimeProvider.System.GetUtcNow();
+
+        Connection.Insert("Sessions", [
+                ("TenantId", tenantId),
+                ("Id", sessionId),
+                ("UserId", userId),
+                ("CreatedAt", now),
+                ("ModifiedAt", null),
+                ("RefreshTokenJti", jti),
+                ("PreviousRefreshTokenJti", null),
+                ("RefreshTokenVersion", 1),
+                ("DeviceType", nameof(DeviceType.Desktop)),
+                ("UserAgent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),
+                ("IpAddress", "127.0.0.1"),
+                ("RevokedAt", isRevoked ? now : null),
+                ("RevokedReason", null)
+            ]
+        );
+
+        return sessionId;
+    }
+}
diff --git a/application/account-management/Tests/Authentication/SwitchTenantTests.cs b/application/account-management/Tests/Authentication/SwitchTenantTests.cs
index 2aa512dc3..cd1e920f1 100644
--- a/application/account-management/Tests/Authentication/SwitchTenantTests.cs
+++ b/application/account-management/Tests/Authentication/SwitchTenantTests.cs
@@ -61,12 +61,20 @@ public async Task SwitchTenant_WhenUserExistsInTargetTenant_ShouldSwitchSuccessf
         response.Headers.Count(h => h.Key == "x-refresh-token").Should().Be(1);
         response.Headers.Count(h => h.Key == "x-access-token").Should().Be(1);
 
-        TelemetryEventsCollectorSpy.CollectedEvents.Count.Should().Be(2);
-        TelemetryEventsCollectorSpy.CollectedEvents[0].GetType().Name.Should().Be("SessionCreated");
-        TelemetryEventsCollectorSpy.CollectedEvents[1].GetType().Name.Should().Be("TenantSwitched");
-        TelemetryEventsCollectorSpy.CollectedEvents[1].Properties["event.from_tenant_id"].Should().Be(DatabaseSeeder.Tenant1.Id.ToString());
-        TelemetryEventsCollectorSpy.CollectedEvents[1].Properties["event.to_tenant_id"].Should().Be(tenant2Id.ToString());
-        TelemetryEventsCollectorSpy.CollectedEvents[1].Properties["event.user_id"].Should().Be(user2Id.ToString());
+        var oldSessionRevokedReason = Connection.ExecuteScalar<string>(
+            "SELECT RevokedReason FROM Sessions WHERE Id = @Id",
+            [new { Id = DatabaseSeeder.Tenant1MemberSession.Id.ToString() }]
+        );
+        oldSessionRevokedReason.Should().Be("SwitchTenant");
+
+        TelemetryEventsCollectorSpy.CollectedEvents.Count.Should().Be(3);
+        TelemetryEventsCollectorSpy.CollectedEvents[0].GetType().Name.Should().Be("SessionRevoked");
+        TelemetryEventsCollectorSpy.CollectedEvents[0].Properties["event.reason"].Should().Be("SwitchTenant");
+        TelemetryEventsCollectorSpy.CollectedEvents[1].GetType().Name.Should().Be("SessionCreated");
+        TelemetryEventsCollectorSpy.CollectedEvents[2].GetType().Name.Should().Be("TenantSwitched");
+        TelemetryEventsCollectorSpy.CollectedEvents[2].Properties["event.from_tenant_id"].Should().Be(DatabaseSeeder.Tenant1.Id.ToString());
+        TelemetryEventsCollectorSpy.CollectedEvents[2].Properties["event.to_tenant_id"].Should().Be(tenant2Id.ToString());
+        TelemetryEventsCollectorSpy.CollectedEvents[2].Properties["event.user_id"].Should().Be(user2Id.ToString());
     }
 
     [Fact]
@@ -287,7 +295,7 @@ public async Task SwitchTenant_WhenAcceptingInvite_ShouldCopyProfileData()
     }
 
     [Fact]
-    public async Task SwitchTenant_RapidSwitching_ShouldHandleCorrectly()
+    public async Task SwitchTenant_WhenSessionAlreadyRevoked_ShouldReturnUnauthorized()
     {
         // Arrange
         var tenant2Id = TenantId.NewId();
@@ -319,24 +327,20 @@ public async Task SwitchTenant_RapidSwitching_ShouldHandleCorrectly()
             ]
         );
 
-        // Act
+        // First switch succeeds and revokes the current session
         var response1 = await AuthenticatedMemberHttpClient.PostAsJsonAsync(
             "/api/account-management/authentication/switch-tenant", new SwitchTenantCommand(tenant2Id)
         );
+        await response1.ShouldBeSuccessfulPostRequest(hasLocation: false);
+        TelemetryEventsCollectorSpy.Reset();
+
+        // Act - Attempt to switch again with the same (now revoked) session
         var response2 = await AuthenticatedMemberHttpClient.PostAsJsonAsync(
             "/api/account-management/authentication/switch-tenant", new SwitchTenantCommand(DatabaseSeeder.Tenant1.Id)
         );
-        var response3 = await AuthenticatedMemberHttpClient.PostAsJsonAsync(
-            "/api/account-management/authentication/switch-tenant", new SwitchTenantCommand(tenant2Id)
-        );
 
         // Assert
-        await response1.ShouldBeSuccessfulPostRequest(hasLocation: false);
-        await response2.ShouldBeSuccessfulPostRequest(hasLocation: false);
-        await response3.ShouldBeSuccessfulPostRequest(hasLocation: false);
-
-        TelemetryEventsCollectorSpy.CollectedEvents.Count.Should().Be(6);
-        TelemetryEventsCollectorSpy.CollectedEvents.Where(e => e.GetType().Name == "SessionCreated").Should().HaveCount(3);
-        TelemetryEventsCollectorSpy.CollectedEvents.Where(e => e.GetType().Name == "TenantSwitched").Should().HaveCount(3);
+        await response2.ShouldHaveErrorStatusCode(HttpStatusCode.Unauthorized, "Session has been revoked.");
+        TelemetryEventsCollectorSpy.CollectedEvents.Should().BeEmpty();
     }
 }
diff --git a/application/account-management/WebApp/federated-modules/common/SessionsModal.tsx b/application/account-management/WebApp/federated-modules/common/SessionsModal.tsx
new file mode 100644
index 000000000..daaf70c32
--- /dev/null
+++ b/application/account-management/WebApp/federated-modules/common/SessionsModal.tsx
@@ -0,0 +1,272 @@
+import { t } from "@lingui/core/macro";
+import { Trans } from "@lingui/react/macro";
+import { AlertDialog } from "@repo/ui/components/AlertDialog";
+import { Badge } from "@repo/ui/components/Badge";
+import { Button } from "@repo/ui/components/Button";
+import { Dialog } from "@repo/ui/components/Dialog";
+import { DialogContent, DialogFooter, DialogHeader } from "@repo/ui/components/DialogFooter";
+import { Heading } from "@repo/ui/components/Heading";
+import { Modal } from "@repo/ui/components/Modal";
+import { toastQueue } from "@repo/ui/components/Toast";
+import { formatDate } from "@repo/utils/date/formatDate";
+import { useQueryClient } from "@tanstack/react-query";
+import { InfoIcon, LaptopIcon, LoaderIcon, MonitorIcon, SmartphoneIcon, TabletIcon, XIcon } from "lucide-react";
+import { useState } from "react";
+import { SmartDate } from "@/shared/components/SmartDate";
+import { api, type components, DeviceType } from "@/shared/lib/api/client";
+
+type UserSessionInfo = components["schemas"]["UserSessionInfo"];
+
+type SessionsModalProps = {
+  isOpen: boolean;
+  onOpenChange: (isOpen: boolean) => void;
+};
+
+function getDeviceIcon(deviceType: UserSessionInfo["deviceType"]) {
+  switch (deviceType) {
+    case DeviceType.Mobile:
+      return <SmartphoneIcon className="h-6 w-6 text-muted-foreground" aria-hidden="true" />;
+    case DeviceType.Tablet:
+      return <TabletIcon className="h-6 w-6 text-muted-foreground" aria-hidden="true" />;
+    case DeviceType.Desktop:
+      return <LaptopIcon className="h-6 w-6 text-muted-foreground" aria-hidden="true" />;
+    default:
+      return <MonitorIcon className="h-6 w-6 text-muted-foreground" aria-hidden="true" />;
+  }
+}
+
+function parseUserAgent(userAgent: string): string {
+  const browserPatterns = [
+    { pattern: /Edg\/[\d.]+/, name: "Edge" },
+    { pattern: /Chrome\/[\d.]+/, name: "Chrome" },
+    { pattern: /Firefox\/[\d.]+/, name: "Firefox" },
+    { pattern: /Safari\/[\d.]+/, name: "Safari" },
+    { pattern: /OPR\/[\d.]+/, name: "Opera" }
+  ];
+
+  const osPatterns = [
+    { pattern: /Windows NT 10/, name: "Windows" },
+    { pattern: /Windows NT/, name: "Windows" },
+    { pattern: /Mac OS X/, name: "Mac" },
+    { pattern: /Linux/, name: "Linux" },
+    { pattern: /Android/, name: "Android" },
+    { pattern: /iPhone|iPad/, name: "iOS" }
+  ];
+
+  let browser = t`Unknown browser`;
+  let os = t`Unknown OS`;
+
+  for (const { pattern, name } of browserPatterns) {
+    if (pattern.test(userAgent)) {
+      browser = name;
+      break;
+    }
+  }
+
+  for (const { pattern, name } of osPatterns) {
+    if (pattern.test(userAgent)) {
+      os = name;
+      break;
+    }
+  }
+
+  return t`${browser} on ${os}`;
+}
+
+function getDeviceTypeLabel(deviceType: UserSessionInfo["deviceType"]): string {
+  switch (deviceType) {
+    case DeviceType.Mobile:
+      return t`Mobile`;
+    case DeviceType.Tablet:
+      return t`Tablet`;
+    case DeviceType.Desktop:
+      return t`Desktop`;
+    default:
+      return t`Unknown`;
+  }
+}
+
+function SessionCard({
+  session,
+  onRevoke
+}: Readonly<{ session: UserSessionInfo; onRevoke: (session: UserSessionInfo) => void }>) {
+  const deviceLabel = getDeviceTypeLabel(session.deviceType);
+  const browserInfo = parseUserAgent(session.userAgent);
+
+  return (
+    <div className="flex flex-col gap-3 rounded-lg border border-border bg-card p-4 sm:flex-row sm:items-start sm:justify-between">
+      <div className="flex items-start gap-4">
+        <div className="flex h-10 w-10 shrink-0 items-center justify-center rounded-lg bg-muted">
+          {getDeviceIcon(session.deviceType)}
+        </div>
+        <div className="flex flex-col gap-1">
+          <div className="flex flex-wrap items-center gap-2">
+            <span className="font-medium text-foreground">
+              {deviceLabel} ({browserInfo})
+            </span>
+            {session.isCurrent && (
+              <Badge variant="success">
+                <Trans>Current session</Trans>
+              </Badge>
+            )}
+          </div>
+          <div className="flex flex-col gap-0.5 text-muted-foreground text-sm">
+            <span>
+              <Trans>Account:</Trans> {session.tenantName || <Trans>Unnamed account</Trans>}
+            </span>
+            <span>
+              <Trans>IP:</Trans> {session.ipAddress}
+            </span>
+            <span>
+              <Trans>Last active:</Trans> <SmartDate date={session.lastActivityAt} />
+            </span>
+            <span>
+              <Trans>Created:</Trans> {formatDate(session.createdAt)}
+            </span>
+          </div>
+        </div>
+      </div>
+      {!session.isCurrent && (
+        <Button variant="secondary" onPress={() => onRevoke(session)} className="w-full sm:w-auto">
+          <Trans>Revoke</Trans>
+        </Button>
+      )}
+    </div>
+  );
+}
+
+function RevokeSessionDialog({
+  isOpen,
+  onOpenChange,
+  isPending,
+  onRevoke
+}: Readonly<{
+  isOpen: boolean;
+  onOpenChange: (isOpen: boolean) => void;
+  isPending: boolean;
+  onRevoke: () => void;
+}>) {
+  return (
+    <Modal isOpen={isOpen} onOpenChange={onOpenChange} blur={false} isDismissable={!isPending} zIndex="high">
+      <AlertDialog
+        title={t`Revoke session`}
+        variant="destructive"
+        actionLabel={t`Revoke`}
+        cancelLabel={t`Cancel`}
+        onAction={onRevoke}
+      >
+        <Trans>
+          Are you sure you want to revoke this session? The device will be signed out and will need to log in again.
+        </Trans>
+      </AlertDialog>
+    </Modal>
+  );
+}
+
+export default function SessionsModal({ isOpen, onOpenChange }: Readonly<SessionsModalProps>) {
+  const [selectedSession, setSelectedSession] = useState<UserSessionInfo | null>(null);
+  const [isRevokeDialogOpen, setIsRevokeDialogOpen] = useState(false);
+  const [hasRevokedSession, setHasRevokedSession] = useState(false);
+  const queryClient = useQueryClient();
+
+  const { data, isLoading } = api.useQuery("get", "/api/account-management/authentication/sessions", {
+    enabled: isOpen
+  });
+
+  const sessions = data?.sessions ?? [];
+
+  const revokeSessionMutation = api.useMutation("delete", "/api/account-management/authentication/sessions/{id}", {
+    onSuccess: () => {
+      toastQueue.add({
+        title: t`Success`,
+        description: t`Session revoked successfully`,
+        variant: "success"
+      });
+      queryClient.invalidateQueries({ queryKey: ["get", "/api/account-management/authentication/sessions"] });
+      setIsRevokeDialogOpen(false);
+      setSelectedSession(null);
+      setHasRevokedSession(true);
+    }
+  });
+
+  const handleRevokeSession = (session: UserSessionInfo) => {
+    setSelectedSession(session);
+    setIsRevokeDialogOpen(true);
+  };
+
+  const handleConfirmRevoke = () => {
+    if (selectedSession) {
+      revokeSessionMutation.mutate({ params: { path: { id: selectedSession.id } } });
+    }
+  };
+
+  const handleClose = () => {
+    onOpenChange(false);
+    setHasRevokedSession(false);
+  };
+
+  if (!isOpen) {
+    return null;
+  }
+
+  return (
+    <>
+      <Modal isOpen={isOpen} onOpenChange={onOpenChange} isDismissable={true}>
+        <Dialog aria-label={t`Sessions`} className="max-sm:flex max-sm:flex-col max-sm:overflow-hidden sm:w-dialog-xl">
+          <XIcon onClick={handleClose} className="absolute top-2 right-2 h-10 w-10 cursor-pointer p-2 hover:bg-muted" />
+          <DialogHeader
+            description={
+              <Trans>
+                A list of devices that have logged into your account. Revoke any sessions you don't recognize.
+              </Trans>
+            }
+          >
+            <Heading slot="title" className="text-2xl">
+              <Trans>Sessions</Trans>
+            </Heading>
+          </DialogHeader>
+
+          <DialogContent className="flex flex-col gap-4">
+            {hasRevokedSession && (
+              <div className="flex items-center gap-3 rounded-lg border border-border bg-muted/50 p-4">
+                <InfoIcon className="h-5 w-5 shrink-0 text-info" />
+                <p className="text-sm">
+                  <Trans>Please note that it may take up to 5 minutes before the device is signed out.</Trans>
+                </p>
+              </div>
+            )}
+            {isLoading ? (
+              <div className="flex items-center justify-center py-12">
+                <LoaderIcon className="h-8 w-8 animate-spin text-muted-foreground" />
+              </div>
+            ) : sessions.length === 0 ? (
+              <div className="rounded-lg border border-border bg-card p-8 text-center">
+                <p className="text-muted-foreground">
+                  <Trans>No active sessions found.</Trans>
+                </p>
+              </div>
+            ) : (
+              <div className="flex max-h-96 flex-col gap-4 overflow-y-auto">
+                {sessions.map((session) => (
+                  <SessionCard key={session.id} session={session} onRevoke={handleRevokeSession} />
+                ))}
+              </div>
+            )}
+          </DialogContent>
+          <DialogFooter>
+            <Button onPress={handleClose}>
+              <Trans>Close</Trans>
+            </Button>
+          </DialogFooter>
+        </Dialog>
+      </Modal>
+
+      <RevokeSessionDialog
+        isOpen={isRevokeDialogOpen}
+        onOpenChange={setIsRevokeDialogOpen}
+        isPending={revokeSessionMutation.isPending}
+        onRevoke={handleConfirmRevoke}
+      />
+    </>
+  );
+}
diff --git a/application/account-management/WebApp/federated-modules/sideMenu/FederatedSideMenu.tsx b/application/account-management/WebApp/federated-modules/sideMenu/FederatedSideMenu.tsx
index 93fd35371..3c1013bbc 100644
--- a/application/account-management/WebApp/federated-modules/sideMenu/FederatedSideMenu.tsx
+++ b/application/account-management/WebApp/federated-modules/sideMenu/FederatedSideMenu.tsx
@@ -6,6 +6,7 @@ import { useState } from "react";
 import { useSwitchTenant } from "@/shared/hooks/useSwitchTenant";
 import type { components } from "@/shared/lib/api/api.generated";
 import { AcceptInvitationDialog } from "../common/AcceptInvitationDialog";
+import SessionsModal from "../common/SessionsModal";
 import { SwitchingAccountLoader } from "../common/SwitchingAccountLoader";
 import TenantSelector from "../common/TenantSelector";
 import UserProfileModal from "../common/UserProfileModal";
@@ -22,6 +23,7 @@ export type FederatedSideMenuProps = {
 export default function FederatedSideMenu({ currentSystem }: Readonly<FederatedSideMenuProps>) {
   const _userInfo = useUserInfo();
   const [isProfileModalOpen, setIsProfileModalOpen] = useState(false);
+  const [isSessionsModalOpen, setIsSessionsModalOpen] = useState(false);
   const [invitationDialogTenant, setInvitationDialogTenant] = useState<TenantInfo | null>(null);
   const [isSwitching, setIsSwitching] = useState(false);
 
@@ -56,6 +58,7 @@ export default function FederatedSideMenu({ currentSystem }: Readonly<FederatedS
           <MobileMenu
             currentSystem={currentSystem}
             onEditProfile={() => setIsProfileModalOpen(true)}
+            onShowSessions={() => setIsSessionsModalOpen(true)}
             onShowInvitationDialog={setInvitationDialogTenant}
           />
         }
@@ -64,6 +67,7 @@ export default function FederatedSideMenu({ currentSystem }: Readonly<FederatedS
         <NavigationMenuItems currentSystem={currentSystem} />
       </SideMenu>
       <UserProfileModal isOpen={isProfileModalOpen} onOpenChange={setIsProfileModalOpen} />
+      <SessionsModal isOpen={isSessionsModalOpen} onOpenChange={setIsSessionsModalOpen} />
       <AcceptInvitationDialog
         isOpen={!!invitationDialogTenant}
         onOpenChange={(open) => !open && setInvitationDialogTenant(null)}
diff --git a/application/account-management/WebApp/federated-modules/sideMenu/MobileMenu.tsx b/application/account-management/WebApp/federated-modules/sideMenu/MobileMenu.tsx
index 97db97fa5..5be5ad755 100644
--- a/application/account-management/WebApp/federated-modules/sideMenu/MobileMenu.tsx
+++ b/application/account-management/WebApp/federated-modules/sideMenu/MobileMenu.tsx
@@ -6,7 +6,7 @@ import { Avatar } from "@repo/ui/components/Avatar";
 import { Button } from "@repo/ui/components/Button";
 import { overlayContext, SideMenuSeparator } from "@repo/ui/components/SideMenu";
 import { useQueryClient } from "@tanstack/react-query";
-import { LogOutIcon, MailQuestion, UserIcon } from "lucide-react";
+import { LogOutIcon, MailQuestion, MonitorSmartphoneIcon, UserIcon } from "lucide-react";
 import { useContext } from "react";
 import type { components } from "@/shared/lib/api/api.generated";
 import { api } from "@/shared/lib/api/client";
@@ -18,7 +18,13 @@ import type { FederatedSideMenuProps } from "./FederatedSideMenu";
 import { NavigationMenuItems } from "./NavigationMenuItems";
 
 // Mobile menu header section with user profile and settings
-function MobileMenuHeader({ onEditProfile }: { onEditProfile: () => void }) {
+function MobileMenuHeader({
+  onEditProfile,
+  onShowSessions
+}: {
+  onEditProfile: () => void;
+  onShowSessions: () => void;
+}) {
   const userInfo = useUserInfo();
   const queryClient = useQueryClient();
   const overlayCtx = useContext(overlayContext);
@@ -75,6 +81,30 @@ function MobileMenuHeader({ onEditProfile }: { onEditProfile: () => void }) {
           </div>
         )}
 
+        {/* Sessions */}
+        <div className="flex items-center justify-between">
+          <Button
+            variant="ghost"
+            onPress={() => {
+              setTimeout(() => {
+                onShowSessions();
+                if (overlayCtx?.isOpen) {
+                  overlayCtx.close();
+                }
+              }, 10);
+            }}
+            className="flex h-11 w-full items-center justify-start gap-4 px-3 py-2 font-normal text-base text-muted-foreground hover:bg-hover-background hover:text-foreground"
+            style={{ pointerEvents: "auto", touchAction: "none" }}
+          >
+            <div className="flex h-6 w-6 shrink-0 items-center justify-center">
+              <MonitorSmartphoneIcon className="h-5 w-5 stroke-current" />
+            </div>
+            <div className="overflow-hidden whitespace-nowrap text-start">
+              <Trans>Sessions</Trans>
+            </div>
+          </Button>
+        </div>
+
         {/* Logout */}
         <div className="flex items-center justify-between">
           <Button
@@ -158,10 +188,12 @@ function MobileMenuHeader({ onEditProfile }: { onEditProfile: () => void }) {
 export function MobileMenu({
   currentSystem,
   onEditProfile,
+  onShowSessions,
   onShowInvitationDialog
 }: Readonly<{
   currentSystem: FederatedSideMenuProps["currentSystem"];
   onEditProfile: () => void;
+  onShowSessions: () => void;
   onShowInvitationDialog?: (tenant: components["schemas"]["TenantInfo"]) => void;
 }>) {
   return (
@@ -171,7 +203,7 @@ export function MobileMenu({
       style={{ touchAction: "pan-y" }}
     >
       <div className="flex-1 overflow-y-auto overflow-x-hidden">
-        <MobileMenuHeader onEditProfile={onEditProfile} />
+        <MobileMenuHeader onEditProfile={onEditProfile} onShowSessions={onShowSessions} />
 
         {/* Divider */}
         <div className="mx-3 my-5 border-border border-b" />
diff --git a/application/account-management/WebApp/federated-modules/topMenu/AvatarButton.tsx b/application/account-management/WebApp/federated-modules/topMenu/AvatarButton.tsx
index c86a1e849..860e8ee8c 100644
--- a/application/account-management/WebApp/federated-modules/topMenu/AvatarButton.tsx
+++ b/application/account-management/WebApp/federated-modules/topMenu/AvatarButton.tsx
@@ -8,14 +8,16 @@ import { Avatar } from "@repo/ui/components/Avatar";
 import { Button } from "@repo/ui/components/Button";
 import { Menu, MenuHeader, MenuItem, MenuSeparator, MenuTrigger } from "@repo/ui/components/Menu";
 import { useQueryClient } from "@tanstack/react-query";
-import { LogOutIcon, UserIcon } from "lucide-react";
+import { LogOutIcon, MonitorSmartphoneIcon, UserIcon } from "lucide-react";
 import { useEffect, useState } from "react";
 import { api } from "@/shared/lib/api/client";
+import SessionsModal from "../common/SessionsModal";
 import UserProfileModal from "../common/UserProfileModal";
 import "@repo/ui/tailwind.css";
 
 export default function AvatarButton() {
   const [isProfileModalOpen, setIsProfileModalOpen] = useState(false);
+  const [isSessionsModalOpen, setIsSessionsModalOpen] = useState(false);
   const [hasAutoOpenedModal, setHasAutoOpenedModal] = useState(false);
   const userInfo = useUserInfo();
   const queryClient = useQueryClient();
@@ -79,6 +81,10 @@ export default function AvatarButton() {
             <UserIcon size={16} />
             <Trans>Edit profile</Trans>
           </MenuItem>
+          <MenuItem id="sessions" onAction={() => setIsSessionsModalOpen(true)}>
+            <MonitorSmartphoneIcon size={16} />
+            <Trans>Sessions</Trans>
+          </MenuItem>
           <MenuSeparator />
           <MenuItem id="logout" onAction={() => logoutMutation.mutate({})}>
             <LogOutIcon size={16} /> <Trans>Log out</Trans>
@@ -87,6 +93,7 @@ export default function AvatarButton() {
       </MenuTrigger>
 
       <UserProfileModal isOpen={isProfileModalOpen} onOpenChange={setIsProfileModalOpen} />
+      <SessionsModal isOpen={isSessionsModalOpen} onOpenChange={setIsSessionsModalOpen} />
     </>
   );
 }
diff --git a/application/account-management/WebApp/shared/lib/api/AccountManagement.Api.json b/application/account-management/WebApp/shared/lib/api/AccountManagement.Api.json
index bcf3ddf49..a06ce7229 100644
--- a/application/account-management/WebApp/shared/lib/api/AccountManagement.Api.json
+++ b/application/account-management/WebApp/shared/lib/api/AccountManagement.Api.json
@@ -214,6 +214,37 @@
         }
       }
     },
+    "/api/account-management/authentication/sessions/{id}": {
+      "delete": {
+        "tags": [
+          "Authentication"
+        ],
+        "operationId": "DeleteApiAccountManagementAuthenticationSessions",
+        "parameters": [
+          {
+            "name": "id",
+            "in": "path",
+            "required": true,
+            "schema": {
+              "$ref": "#/components/schemas/SessionId"
+            },
+            "x-position": 1
+          }
+        ],
+        "responses": {
+          "400": {
+            "description": "",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/HttpValidationProblemDetails"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
     "/internal-api/account-management/authentication/refresh-authentication-tokens": {
       "post": {
         "operationId": "PostInternalApiAccountManagementAuthenticationRefreshAuthenticationTokens",
@@ -1437,6 +1468,9 @@
           },
           "isCurrent": {
             "type": "boolean"
+          },
+          "tenantName": {
+            "type": "string"
           }
         }
       },
diff --git a/application/account-management/WebApp/shared/translations/locale/da-DK.po b/application/account-management/WebApp/shared/translations/locale/da-DK.po
index e3c3f5de0..215e0150e 100644
--- a/application/account-management/WebApp/shared/translations/locale/da-DK.po
+++ b/application/account-management/WebApp/shared/translations/locale/da-DK.po
@@ -33,6 +33,9 @@ msgstr "{0} brugere slettet permanent"
 msgid "{0} users restored successfully"
 msgstr "{0} brugere genoprettet succesfuldt"
 
+msgid "{browser} on {os}"
+msgstr "{browser} på {os}"
+
 msgid "{deletedCount} users permanently deleted"
 msgstr "{deletedCount} brugere slettet permanent"
 
@@ -48,6 +51,9 @@ msgstr "100% sikkerhedsscore"
 msgid "A different user logged in from another browser tab."
 msgstr "En anden bruger loggede ind fra en anden browsertab."
 
+msgid "A list of devices that have logged into your account. Revoke any sessions you don't recognize."
+msgstr "En liste over enheder, der har logget ind på din konto. Tilbagekald sessioner, du ikke genkender."
+
 msgid "A new verification code has been sent to your email."
 msgstr "En ny bekræftelseskode er blevet sendt til din e-mail."
 
@@ -78,6 +84,9 @@ msgstr "Kontoindstillinger"
 msgid "Account switched"
 msgstr "Konto skiftet"
 
+msgid "Account:"
+msgstr "Konto:"
+
 msgid "Achieved in Microsoft Defender for Cloud following Azure best practices"
 msgstr "Opnået i Microsoft Defender for Cloud ved at følge Azures bedste praksis"
 
@@ -134,6 +143,9 @@ msgstr "Er du sikker på, at du vil slette <0>{0} brugere</0> permanent?"
 msgid "Are you sure you want to permanently delete <0>{userDisplayName}</0>?"
 msgstr "Er du sikker på, at du vil slette <0>{userDisplayName}</0> permanent?"
 
+msgid "Are you sure you want to revoke this session? The device will be signed out and will need to log in again."
+msgstr "Er du sikker på, at du vil tilbagekalde denne session? Enheden vil blive logget ud og skal logge ind igen."
+
 msgid "Audit reports and assessments"
 msgstr "Revisions rapporter og vurderinger"
 
@@ -225,6 +237,12 @@ msgstr "Opret din konto"
 msgid "Created"
 msgstr "Oprettet"
 
+msgid "Created:"
+msgstr "Oprettet:"
+
+msgid "Current session"
+msgstr "Nuværende session"
+
 msgid "Danger zone"
 msgstr "Farezone"
 
@@ -280,6 +298,9 @@ msgstr "Slettet"
 msgid "Deleted users"
 msgstr "Slettede brugere"
 
+msgid "Desktop"
+msgstr "Stationær"
+
 msgid "Different user logged in"
 msgstr "En anden bruger loggede ind"
 
@@ -409,12 +430,18 @@ msgstr "Inviter bruger"
 msgid "Invited users"
 msgstr "Inviterede brugere"
 
+msgid "IP:"
+msgstr "IP:"
+
 msgid "Just now"
 msgstr "Lige nu"
 
 msgid "Language"
 msgstr "Sprog"
 
+msgid "Last active:"
+msgstr "Sidst aktiv:"
+
 msgid "Last name"
 msgstr "Efternavn"
 
@@ -478,6 +505,9 @@ msgstr "Microsoft DBA"
 msgid "Microsoft patches and secures all PaaS infrastructure automatically"
 msgstr "Microsoft opdaterer og sikrer automatisk al PaaS infrastruktur"
 
+msgid "Mobile"
+msgstr "Mobil"
+
 msgid "Modified"
 msgstr "Ændret"
 
@@ -496,6 +526,9 @@ msgstr "Har du brug for hjælp? Vores supportteam er klart til at hjælpe."
 msgid "Next"
 msgstr "Næste"
 
+msgid "No active sessions found."
+msgstr "Ingen aktive sessioner fundet."
+
 msgid "No deleted users"
 msgstr "Ingen slettede brugere"
 
@@ -548,6 +581,9 @@ msgstr "Tjek venligst URL'en eller vend tilbage til forsiden."
 msgid "Please check your email for a verification code sent to <0>{email}</0>"
 msgstr "Tjek din e-mail for en bekræftelseskode sendt til <0>{email}</0>"
 
+msgid "Please note that it may take up to 5 minutes before the device is signed out."
+msgstr "Bemærk at det kan tage op til 5 minutter, før enheden er logget ud."
+
 msgid "Please select a JPEG, PNG, GIF, or WebP image."
 msgstr "Vælg et JPEG-, PNG-, GIF- eller WebP-billede."
 
@@ -615,6 +651,12 @@ msgstr "Gendan {0} brugere"
 msgid "Restore user"
 msgstr "Gendan bruger"
 
+msgid "Revoke"
+msgstr "Tilbagekald"
+
+msgid "Revoke session"
+msgstr "Tilbagekald session"
+
 msgid "Role"
 msgstr "Rolle"
 
@@ -645,6 +687,12 @@ msgstr "Send invitation"
 msgid "Sending verification code..."
 msgstr "Sender bekræftelseskode..."
 
+msgid "Session revoked successfully"
+msgstr "Session tilbagekaldt succesfuldt"
+
+msgid "Sessions"
+msgstr "Sessioner"
+
 msgid "Show details"
 msgstr "Vis detaljer"
 
@@ -684,6 +732,9 @@ msgstr "Skifter konto..."
 msgid "System"
 msgstr "System"
 
+msgid "Tablet"
+msgstr "Tablet"
+
 msgid "Terms"
 msgstr "Vilkår"
 
@@ -738,6 +789,15 @@ msgstr "Tillidscenter"
 msgid "Try again"
 msgstr "Prøv igen"
 
+msgid "Unknown"
+msgstr "Ukendt"
+
+msgid "Unknown browser"
+msgstr "Ukendt browser"
+
+msgid "Unknown OS"
+msgstr "Ukendt OS"
+
 msgid "Unknown state"
 msgstr "Ukendt tilstand"
 
diff --git a/application/account-management/WebApp/shared/translations/locale/en-US.po b/application/account-management/WebApp/shared/translations/locale/en-US.po
index 8a6fd3c76..c1bd10e02 100644
--- a/application/account-management/WebApp/shared/translations/locale/en-US.po
+++ b/application/account-management/WebApp/shared/translations/locale/en-US.po
@@ -33,6 +33,9 @@ msgstr "{0} users permanently deleted"
 msgid "{0} users restored successfully"
 msgstr "{0} users restored successfully"
 
+msgid "{browser} on {os}"
+msgstr "{browser} on {os}"
+
 msgid "{deletedCount} users permanently deleted"
 msgstr "{deletedCount} users permanently deleted"
 
@@ -48,6 +51,9 @@ msgstr "100% Security Score"
 msgid "A different user logged in from another browser tab."
 msgstr "A different user logged in from another browser tab."
 
+msgid "A list of devices that have logged into your account. Revoke any sessions you don't recognize."
+msgstr "A list of devices that have logged into your account. Revoke any sessions you don't recognize."
+
 msgid "A new verification code has been sent to your email."
 msgstr "A new verification code has been sent to your email."
 
@@ -78,6 +84,9 @@ msgstr "Account settings"
 msgid "Account switched"
 msgstr "Account switched"
 
+msgid "Account:"
+msgstr "Account:"
+
 msgid "Achieved in Microsoft Defender for Cloud following Azure best practices"
 msgstr "Achieved in Microsoft Defender for Cloud following Azure best practices"
 
@@ -134,6 +143,9 @@ msgstr "Are you sure you want to permanently delete <0>{0} users</0>?"
 msgid "Are you sure you want to permanently delete <0>{userDisplayName}</0>?"
 msgstr "Are you sure you want to permanently delete <0>{userDisplayName}</0>?"
 
+msgid "Are you sure you want to revoke this session? The device will be signed out and will need to log in again."
+msgstr "Are you sure you want to revoke this session? The device will be signed out and will need to log in again."
+
 msgid "Audit reports and assessments"
 msgstr "Audit reports and assessments"
 
@@ -225,6 +237,12 @@ msgstr "Create your account"
 msgid "Created"
 msgstr "Created"
 
+msgid "Created:"
+msgstr "Created:"
+
+msgid "Current session"
+msgstr "Current session"
+
 msgid "Danger zone"
 msgstr "Danger zone"
 
@@ -280,6 +298,9 @@ msgstr "Deleted"
 msgid "Deleted users"
 msgstr "Deleted users"
 
+msgid "Desktop"
+msgstr "Desktop"
+
 msgid "Different user logged in"
 msgstr "Different user logged in"
 
@@ -409,12 +430,18 @@ msgstr "Invite user"
 msgid "Invited users"
 msgstr "Invited users"
 
+msgid "IP:"
+msgstr "IP:"
+
 msgid "Just now"
 msgstr "Just now"
 
 msgid "Language"
 msgstr "Language"
 
+msgid "Last active:"
+msgstr "Last active:"
+
 msgid "Last name"
 msgstr "Last name"
 
@@ -478,6 +505,9 @@ msgstr "Microsoft DPA"
 msgid "Microsoft patches and secures all PaaS infrastructure automatically"
 msgstr "Microsoft patches and secures all PaaS infrastructure automatically"
 
+msgid "Mobile"
+msgstr "Mobile"
+
 msgid "Modified"
 msgstr "Modified"
 
@@ -496,6 +526,9 @@ msgstr "Need help? Our support team is here to assist you."
 msgid "Next"
 msgstr "Next"
 
+msgid "No active sessions found."
+msgstr "No active sessions found."
+
 msgid "No deleted users"
 msgstr "No deleted users"
 
@@ -548,6 +581,9 @@ msgstr "Please check the URL or return to the home page."
 msgid "Please check your email for a verification code sent to <0>{email}</0>"
 msgstr "Please check your email for a verification code sent to <0>{email}</0>"
 
+msgid "Please note that it may take up to 5 minutes before the device is signed out."
+msgstr "Please note that it may take up to 5 minutes before the device is signed out."
+
 msgid "Please select a JPEG, PNG, GIF, or WebP image."
 msgstr "Please select a JPEG, PNG, GIF, or WebP image."
 
@@ -615,6 +651,12 @@ msgstr "Restore {0} users"
 msgid "Restore user"
 msgstr "Restore user"
 
+msgid "Revoke"
+msgstr "Revoke"
+
+msgid "Revoke session"
+msgstr "Revoke session"
+
 msgid "Role"
 msgstr "Role"
 
@@ -645,6 +687,12 @@ msgstr "Send invite"
 msgid "Sending verification code..."
 msgstr "Sending verification code..."
 
+msgid "Session revoked successfully"
+msgstr "Session revoked successfully"
+
+msgid "Sessions"
+msgstr "Sessions"
+
 msgid "Show details"
 msgstr "Show details"
 
@@ -684,6 +732,9 @@ msgstr "Switching account..."
 msgid "System"
 msgstr "System"
 
+msgid "Tablet"
+msgstr "Tablet"
+
 msgid "Terms"
 msgstr "Terms"
 
@@ -738,6 +789,15 @@ msgstr "Trust Center"
 msgid "Try again"
 msgstr "Try again"
 
+msgid "Unknown"
+msgstr "Unknown"
+
+msgid "Unknown browser"
+msgstr "Unknown browser"
+
+msgid "Unknown OS"
+msgstr "Unknown OS"
+
 msgid "Unknown state"
 msgstr "Unknown state"
 
diff --git a/application/account-management/WebApp/tests/e2e/session-management-flows.spec.ts b/application/account-management/WebApp/tests/e2e/session-management-flows.spec.ts
new file mode 100644
index 000000000..6ed7d8c76
--- /dev/null
+++ b/application/account-management/WebApp/tests/e2e/session-management-flows.spec.ts
@@ -0,0 +1,123 @@
+import type { Browser } from "@playwright/test";
+import { expect } from "@playwright/test";
+import { test } from "@shared/e2e/fixtures/page-auth";
+import { createTestContext, expectToastMessage } from "@shared/e2e/utils/test-assertions";
+import { completeSignupFlow, getVerificationCode, testUser } from "@shared/e2e/utils/test-data";
+import { step } from "@shared/e2e/utils/test-step-wrapper";
+
+test.describe("@smoke", () => {
+  /**
+   * SESSION MANAGEMENT WORKFLOW
+   *
+   * Tests the session management functionality including:
+   * - Opening Sessions modal via user profile menu
+   * - Viewing active sessions list with current session indicator
+   * - Current session card displays device info, IP, timestamps
+   * - Current session does not show Revoke button
+   * - Revoke individual session with confirmation dialog
+   */
+  test("should display sessions modal with current session and handle session revocation", async ({ page }) => {
+    const context = createTestContext(page);
+    const owner = testUser();
+    const sessionsDialog = page.getByRole("dialog", { name: "Sessions" });
+
+    await step("Complete owner signup & verify welcome page")(async () => {
+      await completeSignupFlow(page, expect, owner, context);
+      await expect(page.getByRole("heading", { name: "Welcome home" })).toBeVisible();
+    })();
+
+    await step("Open Sessions modal & verify current session with badge and no Revoke button")(async () => {
+      await page.getByRole("button", { name: "User profile menu" }).click();
+      await expect(page.getByRole("menu")).toBeVisible();
+      await page.getByRole("menuitem", { name: "Sessions" }).click();
+
+      await expect(sessionsDialog).toBeVisible();
+      await expect(sessionsDialog.getByRole("heading", { name: "Sessions" })).toBeVisible();
+      await expect(sessionsDialog.getByText("Current session")).toBeVisible();
+      await expect(sessionsDialog.getByText("IP:")).toBeVisible();
+      await expect(sessionsDialog.getByText("Last active:")).toBeVisible();
+      await expect(sessionsDialog.getByText("Created:")).toBeVisible();
+
+      const currentSessionCard = sessionsDialog
+        .locator("div.rounded-lg.border")
+        .filter({ hasText: "Current session" })
+        .first();
+      await expect(currentSessionCard.getByRole("button", { name: "Revoke" })).not.toBeVisible();
+    })();
+
+    await step("Close Sessions modal & create second session from new browser context")(async () => {
+      await sessionsDialog.locator("svg.cursor-pointer").click();
+      await expect(sessionsDialog).not.toBeVisible();
+
+      const browser = page.context().browser() as Browser;
+      const secondContext = await browser.newContext();
+      const secondPage = await secondContext.newPage();
+      createTestContext(secondPage);
+
+      await secondPage.goto("/login");
+      await expect(secondPage.getByRole("heading", { name: "Hi! Welcome back" })).toBeVisible();
+
+      await secondPage.getByRole("textbox", { name: "Email" }).fill(owner.email);
+      await secondPage.getByRole("button", { name: "Continue" }).click();
+      await expect(secondPage).toHaveURL("/login/verify");
+      await secondPage.keyboard.type(getVerificationCode());
+
+      await expect(secondPage).toHaveURL("/admin");
+      await expect(secondPage.getByRole("heading", { name: "Welcome home" })).toBeVisible();
+
+      await secondContext.close();
+    })();
+
+    await step("Re-open Sessions modal & verify multiple sessions with Revoke button on non-current")(async () => {
+      await page.getByRole("button", { name: "User profile menu" }).click();
+      await expect(page.getByRole("menu")).toBeVisible();
+      await page.getByRole("menuitem", { name: "Sessions" }).click();
+
+      await expect(sessionsDialog).toBeVisible();
+      await expect(sessionsDialog.getByRole("heading", { name: "Sessions" })).toBeVisible();
+
+      const sessionCards = sessionsDialog.locator("div.rounded-lg.border").filter({ hasText: "IP:" });
+      await expect(sessionCards).toHaveCount(2);
+
+      const otherSessionCard = sessionCards.filter({ hasNotText: "Current session" }).first();
+      await expect(otherSessionCard.getByRole("button", { name: "Revoke" })).toBeVisible();
+    })();
+
+    await step("Click Revoke button on other session & verify confirmation dialog")(async () => {
+      const sessionCards = sessionsDialog.locator("div.rounded-lg.border").filter({ hasText: "IP:" });
+      const otherSessionCard = sessionCards.filter({ hasNotText: "Current session" }).first();
+      await otherSessionCard.getByRole("button", { name: "Revoke" }).click();
+
+      await expect(page.getByRole("alertdialog", { name: "Revoke session" })).toBeVisible();
+      await expect(
+        page.getByText(
+          "Are you sure you want to revoke this session? The device will be signed out and will need to log in again."
+        )
+      ).toBeVisible();
+    })();
+
+    await step("Cancel revoke dialog & verify session remains")(async () => {
+      await page.getByRole("button", { name: "Cancel" }).click();
+      await expect(page.getByRole("alertdialog", { name: "Revoke session" })).not.toBeVisible();
+
+      const sessionCards = sessionsDialog.locator("div.rounded-lg.border").filter({ hasText: "IP:" });
+      await expect(sessionCards).toHaveCount(2);
+    })();
+
+    await step("Revoke other session & verify success toast and only current session remains")(async () => {
+      const sessionCards = sessionsDialog.locator("div.rounded-lg.border").filter({ hasText: "IP:" });
+      const otherSessionCard = sessionCards.filter({ hasNotText: "Current session" }).first();
+      await otherSessionCard.getByRole("button", { name: "Revoke" }).click();
+
+      const revokeDialog = page.getByRole("alertdialog", { name: "Revoke session" });
+      await expect(revokeDialog).toBeVisible();
+      await revokeDialog.getByRole("button", { name: "Revoke", exact: true }).click();
+
+      await expectToastMessage(context, "Session revoked successfully");
+
+      const remainingSessionCards = sessionsDialog.locator("div.rounded-lg.border").filter({ hasText: "IP:" });
+      await expect(remainingSessionCards).toHaveCount(1);
+      await expect(sessionsDialog.getByText("Current session")).toBeVisible();
+    })();
+  });
+});
diff --git a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/AuthenticationTokenService.cs b/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/AuthenticationTokenService.cs
index 03d864df7..507802fe1 100644
--- a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/AuthenticationTokenService.cs
+++ b/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/AuthenticationTokenService.cs
@@ -15,6 +15,13 @@ public void CreateAndSetAuthenticationTokens(UserInfo userInfo, SessionId sessio
         SetAuthenticationTokensOnHttpResponse(refreshToken, accessToken);
     }
 
+    public void CreateAndSetAuthenticationTokens(UserInfo userInfo, SessionId sessionId, RefreshTokenJti jti, DateTimeOffset expires)
+    {
+        var refreshToken = refreshTokenGenerator.Generate(userInfo, sessionId, jti, expires);
+        var accessToken = accessTokenGenerator.Generate(userInfo);
+        SetAuthenticationTokensOnHttpResponse(refreshToken, accessToken);
+    }
+
     public void RefreshAuthenticationTokens(UserInfo userInfo, SessionId sessionId, RefreshTokenJti jti, int currentRefreshTokenVersion, DateTimeOffset expires)
     {
         var refreshToken = refreshTokenGenerator.Update(userInfo, sessionId, jti, currentRefreshTokenVersion, expires);
diff --git a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenGenerator.cs b/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenGenerator.cs
index 4f4826f06..daa3d8e0c 100644
--- a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenGenerator.cs
+++ b/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenGenerator.cs
@@ -9,13 +9,18 @@ public sealed class RefreshTokenGenerator(ITokenSigningClient tokenSigningClient
 {
     // Refresh tokens are stored as a persistent cookie in the user's browser.
     // Similar to Facebook and GitHub, when a user logs in, the session will be valid for a very long time.
-    private const int ValidForHours = 2160; // 24 hours * 90 days
+    public const int ValidForHours = 2160; // 24 hours * 90 days
 
     public string Generate(UserInfo userInfo, SessionId sessionId, RefreshTokenJti jti)
     {
         return GenerateRefreshToken(userInfo, sessionId, jti, 1, timeProvider.GetUtcNow().AddHours(ValidForHours));
     }
 
+    public string Generate(UserInfo userInfo, SessionId sessionId, RefreshTokenJti jti, DateTimeOffset expires)
+    {
+        return GenerateRefreshToken(userInfo, sessionId, jti, 1, expires);
+    }
+
     public string Update(UserInfo userInfo, SessionId sessionId, RefreshTokenJti jti, int currentRefreshTokenVersion, DateTimeOffset expires)
     {
         return GenerateRefreshToken(userInfo, sessionId, jti, currentRefreshTokenVersion + 1, expires);