Community Announcements have moved! To stay up to date, please join the new Community Announcements group today. Learn more
×We are currently on Atlassian Cloud Enterprise and our main Authentication policy has enabled the ability for Users to create API tokens. When Atlassian introduced the 1 year expiration change, I started to look at all the tokens we had. With the intention on trying to clean and manage the Tokens a little better than what was previously being done.
I'm curious how others are handling user API tokens.
I have created a new authentication policy and have started to move users (mainly our service accounts that I have control over) to a new authentication policy. With the intention of turn off the ability to create User Api tokens in the main Authentication Policy. Preventing anyone from created API tokens, that are not in the new Authentication policy.
I like the introduction of the scopes on API tokens, which feels like it give Admins a little more control from a permission perspective.
Do you allow User API tokens?
How do manage and keep track of what these users are doing with the API Tokens?
Thanks,
Shawn Stevens