Google now allows, administrators to “invalidate a user’s active connection” to Google Apps services from the Google Apps control panel. “Starting today, administrators can also easily invalidate a user’s active connection; ‘More specifically, administrators can now reset a user’s sign-in cookies to help prevent unauthorized access to their account. This will log out that user from all current web browser sessions and require new authentication the next time that user tries to access Google Apps. Combined with the existing ability for administrators to reset user passwords, this new feature to reset users’ sign-in cookies improves security in the cloud in case of device theft or loss,” explains Google. If you want to know more about this features refer this hlp page.