A user requested that their team be able to use a single token for authentication.
Isn't this a violation of many security rules; such as SOC compliance.
Welcome to the Atlassian Community!
This is an absolute violation of security, you should never share access tokens.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @John Welby and welcome to the Community.
I am no SOC expert but this idea is not a good one. Each should have their own token. If you need a "function" to do something, then create a "Service" user (just a regular user except you store the password away) for such tokens.
HTH,
KGM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This is Security 101. If a security audit is done and that comes out whoever approved that may get fired. As the other said it is a total violation of the concept of using two factor authentication which is what security tokens are.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.