Tokens#
Tokens provide authorization for agents, agent relays, users, and external systems or applications from the server. Agents use tokens when they run process steps and communicate with the HCL™ Launch server and external services.
Users can use tokens with the command-line interface (CLI) client instead of supplying a user name and password in certain situations. For information, see Command-line client (CLI) reference.
Follow these steps to create a token. You can also create a token through the CLI; see createAuthToken.
- Log in as a user with the "Manage Security" permission. See Setting server configuration security.
- On the server, click Settings > Tokens > Create Token. The Create Token dialog box.
-
From the User list, select the user for the token. You can limit the actions available to the token by applying a token restriction to it. For information about creating and applying token restrictions, see Restricting authentication tokens.
Note:
If you are using the token to integrate with IBM UrbanCode™ Release, you must specify the administrator.
If the token is for an agent relay that is intended to use component version replication, the user must have a role that has the Read Artifact Set List permission. For information about the Read Artifact Set List permission, see Setting server configuration security.
-
Specify the expiration date and time.
-
To limit the use of the token to certain IP addresses, specify one or more IPv4 addresses in CIDR notation in the Allowed IPs field, such as
10.15.10.0/24
.Note: If you are using clustered servers as described in Setting up high-availability clusters, leave this field blank.
-
To map token restrictions to user tokens within the UrbanCode Deploy server during token creation, scroll through the created restrictions in the Auth Token Restriction field and select the desired list. Select New and fill out the required fields to create a new Auth Token Restriction. This feature allows you to restrict a token's usage down to specific REST API endpoints. For example, locking down an administrator user's token to only be able to call /cli/agentCLI/info.
-
Click Save.
Important: The token is shown only one time after you create it. Copy the token immediately, because you cannot see it again.
Tokens can be used immediately after they are created. You can revoke a token at any time by clicking Delete in the Actions column.
- Restricting authentication tokens
Limit authentication token actions by applying token restrictions to process plug-in steps. - Token expiration settings
Tokens provide authorization for agents, agent relays, users, and external systems or applications from the server. Agents use tokens when they run process steps and communicate with the HCL Launch server and external services. In the Security settings area, you can set time limits for four tokens types. - Updating the agent relay authentication token password
The authentication token password for the agent relay is specified during installation of the agent relay. You can update the authentication token and provide a password for the token by updating the agent relay properties file.
Parent topic: Managing security