Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-96

Ability to manage API token creation as an organization admin

XMLWordPrintable

    • 180

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      Atlassian accounts are able to generate API tokens for use with Jira and Confluence cloud APIs. At the moment, org admins can only revoke these tokens but they cannot enforce policies on the token usage of their managed accounts.

      Suggested Solution

      If a user belongs to an organization, give admins the following abilities:

      • Enable or block a managed account from issuing tokens
      • Make the creation of API tokens admin-only
      • Log or track the creation of API tokens (such as in audit logs) 
      • Set a default expiration for the tokens that can be created (ie, 1 week, unlimited not allowed). see ID-7825
      • Have the ability to extract a report of all users that currently have API tokens
      • Track whether API Keys are used by User in any project
      • Track report on API Keys usage.

            2015ae912494 Stefan Scorse
            kyamamoto@atlassian.com K. Yamamoto
            Votes:
            167 Vote for this issue
            Watchers:
            175 Start watching this issue

              Created:
              Updated:
              Resolved: