Session-level security controls user access to features that support it, such as connected apps and reporting. For example, You can customize an organization’s Session Settings to require users to log in with two-factor authentication to get a High Assurance session. Then, you can restrict access to a specific connected app by requiring a High Assurance session level in the settings for the connected app.