Applicable to Entuity v21.0 P02 upwards
Introduction:
From Entuity v21.0 P02 upwards, it is possible to access the Entuity UI without needing to log in.
This access is managed via time-limited access tokens tied to a specific Entuity user account, including admin accounts. This means that someone accessing Entuity via an access token will have access to the same parts of the Entuity UI as the user account to which the access token is tied.
Access tokens are created and managed by the Entuity admin.
Specification:
Scope of access:
- The access token can be used as a URL or in an HTTP header to gain access without a login. Once the user has access to Entuity via the access token, they can access the same parts of Entuity as the token's authenticated user can. The only exception is that non-admin users cannot change their password.
- More than one access token can be associated with a specified Entuity user account. If external authentication has been enabled, you can only associate an access token with a user account that has logged in at least once.
- Access tokens allow someone to access Entuity as a specific admin or non-admin user. You can specify whether to disallow the creation of access tokens for admin users via the [accessTokens] section of entuity.cfg.
Permissions:
- Only admins can create and manage access tokens.
Access token value generation:
- Access token values are automatically generated. You cannot manually specify an access token value.
Access token expiry:
- You can specify a time and date at which the token will expire.
- When an access token expires, any current user sessions that were created via that token will also expire within 1 minute.
Access token revocation:
- You can revoke an access token with immediate effect. If an access token is revoked, any user sessions created via that token will also be revoked.
Access token invalidation:
- When the user account for a token is deleted, the token becomes invalid. You can modify this invalid token to then attach another user/admin account to it.
To manage access tokens:
You can manage access tokens from the Access Token Management page. To access this page:
- Click the Main Menu and then Administration.
- Click Access Token Management to open the Access Token Management page.
If you are running a multi-server configuration, you can specify the server on which you want to manage access tokens via the server select dropdown box in the top left of the page.
This page contains a table listing the access tokens you have created and their details. The table lists access tokens created for both valid and invalid users. If you have created access tokens for users and then configured e.g. SAMLv2 user authentication, the previous user accounts will no longer be available and therefore the previously-created access tokens will be invalid, but will be displayed in the table so that you can delete them or assign them to a valid user as you need.
Expired user tokens are still displayed in the table, and are appended with the text '(expired)'.
From this page you can also create and edit access tokens, copy token values, and revoke access tokens.
Note: if access keys have previously been created in the accessKeys.properties file for SAMLv2 purposes, these will also be included in the table. These access keys are not created by any particular user, and therefore you will see <system> in the 'Created By' column.
The table details the following information:
| Column | Description |
| --- | --- |
| User | user account by which the token is authenticated, i.e. if specified as 'User 1', then the token session will provide access based on User 1's privileges. |
| Description | description of this access token, if specified. |
| Expiry Time | time and date on which this token expires. If not specified, this column will be empty. |
| Time Til Expiry | time until this token expires. 'Never' if no expiry specified. |
| Create Time | timestamp of when this token was created. |
| Created By | user account that created this token. Note: access keys previously created in the accessKeys.properties file for SAMLv2 purposes are not created by any particular user, so you will see <system> in this column for them. |
| Last Updated | timestamp of when this token was last edited. |
| Last Updated By | user account that last edited the token. |
| Last Login | timestamp of when this token was last used to access Entuity. |
| Login Count | number of times this token has been used to access Entuity. |
| Active Sessions | number of current active sessions using this token. |
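One way to review these columns for tokens that warrant attention, as an added example (not Entuity code). The CSV layout, timestamp format, account names and sample rows are constructed assumptions, since this page does not describe an export format.

```python
import csv
import io
from datetime import datetime

# Constructed sample rows using column names from the table above.
# The CSV layout is an assumption; the page does not describe an export format.
SAMPLE = """User,Description,Expiry Time,Created By,Login Count,Active Sessions
admin,NOC wallboard,,admin,412,2
User 1,Quarterly report,2030-01-01 00:00,admin,3,0
User 2,Old dashboard,2020-01-01 00:00,admin,9,1
samlsvc,Legacy access key,,<system>,0,0
"""
ADMIN_USERS = {"admin"}             # assumption: supplied by the reviewer
TIME_FORMAT = "%Y-%m-%d %H:%M"      # assumption: timestamp layout
REVIEW_TIME = datetime(2025, 1, 1)  # constructed "now" for the sample


def review_tokens(csv_text, now, admin_users=ADMIN_USERS):
    """Return (user, description, notes) for each token worth a second look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user, expiry = row["User"].strip(), row["Expiry Time"].strip()
        notes = []
        if not expiry:
            # An empty Expiry Time means the token never expires.
            notes.append("no expiry set")
        expired = bool(expiry) and datetime.strptime(expiry, TIME_FORMAT) <= now
        if user in admin_users:
            # The token grants the same UI access as the admin account.
            notes.append("tied to an admin account")
        if row["Created By"].strip() == "<system>":
            notes.append("legacy accessKeys.properties key")
        if int(row["Login Count"]) == 0:
            notes.append("never used")
        if expired and int(row["Active Sessions"]) > 0:
            # Sessions should end within 1 minute of token expiry.
            notes.append("expired but sessions still active")
        if notes:
            findings.append((user, row["Description"], notes))
    return findings


if __name__ == "__main__":
    for user, desc, notes in review_tokens(SAMPLE, REVIEW_TIME):
        print(f"{user} ({desc}): {', '.join(notes)}")
```
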
RESTful API
You can execute the following commands via the Entuity RESTful API functionality: