Does Samly manages users getting logged out if their permissions are revoked in their IDP?

[messutied]

So if a user has access in OKTA (for example) to use a given app (Samly SSO enabled), they successfully sign in and later their permissions to that app are revoked, it seems like the user remains logged in through Samly, it looks like notonorafter could be used for automatically expiring the sessions, is this something we should take care of outside of Samly? or am I missing something?

Thanks!