Add Token Type and Product fields to User API Tokens in Admin Hub

XMLWordPrintable

    • 1

      Problem Definition

      Currently, even if the organization’s authentication policy is set to block the creation of API tokens, this restriction does not extend to Bitbucket. Managed users are always permitted to create API tokens specifically for use with Bitbucket.

      The org admin can view a list of user API tokens in Admin Hub, but the UI does not display key metadata such as the token type (e.g., classic, Bitbucket-scoped) or the associated product (Jira, Confluence, Bitbucket, etc.). This lack of visibility makes it difficult for admins to distinguish between different types of tokens and understand their scope or intended use, which is especially important for security reviews and policy enforcement.

      Suggested Solution

      Enhance the User API tokens section in Admin Hub by adding columns for:

      • Token Type (classic, Bitbucket, etc.)
      • Associated Product (Jira, Confluence, Bitbucket, etc.)

      This will allow admins to quickly identify the nature and scope of each token, improving auditability and enabling more granular policy enforcement.

      Workaround

      There is currently no reliable workaround. Admins must manually investigate tokens, often requiring coordination with end users or reviewing logs, which is inefficient and error-prone.

            Assignee:
            Unassigned
            Reporter:
            Remy Iradukunda
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: