orirab
Reputation: 3353
Is there a way to limit an Okta token authority?
Following these abbreviated steps to generate an Okta token:
- Log in to your Developer Console
- Navigate to API > Tokens and click Create Token
- Give your token a name
works wonderfully, however I'd like to limit the authority of such a token to only affect certain applications or perform only certain operations - is this possible?
Upvotes: 2
Views: 90
Answers (1)
afitnerd
Reputation: 736
API Tokens share the same rights as the admin that created them.
If you wanted to create an API Token that had read-only access, for instance, you could follow these steps:
- Assign the Read Only admin role to a user (preferably a service account)
- Login as that user
- Create an API Token as usual
That API Token could now only be used for read only operations. An attempt at a write operation with that API Token would fail.
HTH! (full disclosure: I work for Okta)
Upvotes: 2
Related Questions
- Verifying Access Tokens Generated from Multiple Client IDs with Okta
- Prevent Okta from authenticating user during OAuth 2.0 authorization redirect
- How to add user groups to ID token in Okta?
- OKTA Authorization Server ‘namespace’ for custom claims
- How to generate Okta access token programmatically?
- OAuth2 (Okta): How to set authorization
- OKTA token for API access
- How to get Password Restrictions from Okta API?
- How to mark api-created Okta users as being provided by Active Directory
- How to validate user credentials against custom api