Currently, Atlassian Guard's Authentication policies don't have a native way of restricting API Token creation on a per-user basis. The solution I've seen so far is to create two policies, one that blocks api access and one that allows it, and move the user from one policy to another. Users have to make a request and then admins have to manually move them.
A cleaner, access-management based approach would be to have a request workflow in the admin console that allows user api token creation to be approved by admins to grant token creation.
The flow would be something like: user requests api token access -> an admin approves or denies it -> grant or denial is applied automatically.
Whilst you suggestion is a great one, this is a public community forum for Atlassian related questions. Feature requests are unlikely to reach Atlassian this way.
Best to contact support and have them raise a feature request for you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.