Administering tokens

As a System Administrator, you can generate tokens of type User on behalf of another user and you can revoke any token. For more information about tokens and how to manage your own tokens, see Managing your tokens.

Generating a token on behalf of another user

1. In Administration > Security > Users, retrieve the user.
2. In the user's Tokens column, select the three-dot menu. The Tokens dialog opens.
3. Enter the token name, check the expiration date, and select Generate.

Revoking a token

1. In Administration > Security > Users, retrieve the user.
2. In the user's Tokens column, select the three-dot menu. The Tokens dialog opens with the list of tokens.
3. In the Actions column of the token, select Revoke.

Enforcing a maximum lifetime for tokens (from Enterprise Edition)

The ability to configure a maximum lifetime for tokens is available starting in Enterprise Edition.

As a System Administrator, you can define a maximum lifetime for any newly generated token. Non-administrator users can also set a time-to-live as long as it is less than or equal to the maximum lifetime configured at the system level. Tokens generated after updating this setting will expire either at the configured maximum lifetime or at the time set by the user, whichever comes first. 

To enforce a maximum lifetime for tokens at the system level:

1. Go to Administration > Configuration > General Settings > Security.
2. In Maximum allowed lifetime for token, select the lifetime you want to set.