Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-852

Improve overall API Token management/logging

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      At this moment, Org Admins don't have a singular UI page to track API Tokens created by managed users. There also isn't any way to log or track when API Tokens are created by managed users as well.

      Suggested Solution

      Integrate API Token creation/management with the audit log, and include a singular dashboard for all API Tokens created by managed users.

      Why this is important

      This allows for Org Admins to have a singular page to manage API Tokens, instead of having to browse to each individual user. This is helpful when managing larger numbers of users.

      Workaround 

      N/A

            [ACCESS-852] Improve overall API Token management/logging

            Kat N added a comment -

            Thanks everyone for watching and commenting on this ticket. As part of an initiative to better consolidate customer feedback, we are closing this ticket as a duplicate. Please vote, watch and comment on ACCESS-96 going forward.

            Kat N added a comment - Thanks everyone for watching and commenting on this ticket. As part of an initiative to better consolidate customer feedback, we are closing this ticket as a duplicate. Please vote, watch and comment on ACCESS-96 going forward.

            Ramon M added a comment -

            https://getsupport.atlassian.com/browse/CES-2415

            Ramon M added a comment - https://getsupport.atlassian.com/browse/CES-2415

            zac.metin@xero added a comment -

            This is quite significant for us too, if we can't audit which API token was used to make changes and can only see the user we need a much more complex approach to API integration service accounts than we otherwise would.

            zac.metin@xero added a comment - This is quite significant for us too, if we can't audit which API token was used to make changes and can only see the user we need a much more complex approach to API integration service accounts than we otherwise would.

            Pierrick Brossin added a comment -

            I just had an exchange with Atlassian's support regarding this feature and this is must for us, security-wise.

            We have seen some people being granted admin accesses, generating tokens that haven't been used for a long time.

            We would to better understand who creates token, if they are still used and potentially remove them when they aren't used anymore.

            Pierrick Brossin added a comment - I just had an exchange with Atlassian's support regarding this feature and this is must for us, security-wise. We have seen some people being granted admin accesses, generating tokens that haven't been used for a long time. We would to better understand who creates token, if they are still used and potentially remove them when they aren't used anymore.

              njayasankar@atlassian.com Narmada Jayasankar
              20ac656d1814 abalantrapu1
              Votes:
              19 Vote for this issue
              Watchers:
              30 Start watching this issue

                Created:
                Updated:
                Resolved: