Ability to view and report External Users API tokens usage on site


      Problem Definition

      Currently, organization admins can follow the steps in this KB to track managed accounts' API tokens:
      https://www.atlassian.com/software/access/guide#api-token-controls

      The same capability does not exist for external users that are not managed, who may be using their API tokens across Atlassian Cloud sites managed by the organization admin.

      Suggested Solution

      Provide the ability, similar to what exists for managed users, to track external users' API tokens and see when each token was last used on the sites managed by the organization.

      Revoking API tokens for external users won't be feasible due to privacy reasons, but the ability to move the user to an external user security policy that blocks API tokens on the site would be beneficial instead.

      Why this is important

      • Many companies have third-party accounts that need to use API tokens on their sites
      • Security teams need the ability to track and report on these API tokens
      • Based on the information received from the reports, there should be a simple way to quickly and selectively block a user's API tokens on the site

      Workaround

      At this moment, you can assign users to your external security policy that blocks API token access, but there is no way to determine how the API tokens are being used.

      https://support.atlassian.com/security-and-access-policies/docs/available-external-user-security-settings/

       

              Assignee:
              Unassigned
              Reporter:
              Nick Messer
              Votes:
              15
              Watchers:
              14
