diff --git a/internal/api/v1beta1connect/session.go b/internal/api/v1beta1connect/session.go
index 71b578e49..931556432 100644
--- a/internal/api/v1beta1connect/session.go
+++ b/internal/api/v1beta1connect/session.go
@@ -105,5 +105,18 @@ func (h ConnectHandler) ListUserSessions(ctx context.Context, request *connect.R
 
 // Revoke a specific session for a specific user (admin only).
 func (h ConnectHandler) RevokeUserSession(ctx context.Context, request *connect.Request[frontierv1beta1.RevokeUserSessionRequest]) (*connect.Response[frontierv1beta1.RevokeUserSessionResponse], error) {
-	return nil, nil
+	if err := request.Msg.Validate(); err != nil {
+		return nil, connect.NewError(connect.CodeInvalidArgument, err)
+	}
+
+	sessionID, err := uuid.Parse(request.Msg.GetSessionId())
+	if err != nil {
+		return nil, status.Error(codes.InvalidArgument, "invalid session_id")
+	}
+
+	if err := h.sessionService.SoftDelete(ctx, sessionID, time.Now()); err != nil {
+		return nil, status.Error(codes.Internal, err.Error())
+	}
+
+	return connect.NewResponse(&frontierv1beta1.RevokeUserSessionResponse{}), nil
 }
diff --git a/pkg/server/connect_interceptors/authorization.go b/pkg/server/connect_interceptors/authorization.go
index 0b236502a..c6286d8a9 100644
--- a/pkg/server/connect_interceptors/authorization.go
+++ b/pkg/server/connect_interceptors/authorization.go
@@ -1109,6 +1109,9 @@ var authorizationValidationMap = map[string]func(ctx context.Context, handler *v
 	"/raystack.frontier.v1beta1.AdminService/GetCurrentAdminUser": func(ctx context.Context, handler *v1beta1connect.ConnectHandler, req connect.AnyRequest) error {
 		return handler.IsSuperUser(ctx)
 	},
+	"/raystack.frontier.v1beta1.AdminService/RevokeUserSession": func(ctx context.Context, handler *v1beta1connect.ConnectHandler, req connect.AnyRequest) error {
+		return handler.IsSuperUser(ctx)
+	},
 }
 
 func ensureRoleBelongToOrg(ctx context.Context, handler *v1beta1connect.ConnectHandler, orgID, roleID string) error {