User Tokens
User tokens are internal and disposable credentials generated by IQ Server for use in Lifecycle Integrations without exposing the user's login credentials coming from the organization's identity provider. This is useful for accessing IQ Server integrations when identity providers, such as SAML, do not typically rely on usernames and passwords.
Using Tokens is highly recommended for IDEs and service accounts used in CI build scans as these temporary credentials can easily be reset to avoid credential leaks.
A user token is composed of a user code and a passcode. When one of these users successfully submits their user token credentials, then they will be authenticated and authorized as if they had submitted their original credentials.
Note
User tokens are not supported with reverse proxy authentication.
Where to use Tokens?
Here are common examples where user tokens are recommended:
IDEs and CI build scans
For scripts using the REST API
Service accounts and build automation where credential leak is possible
Managing a User Token
User token credentials are only available upon creation and cannot be retrieved. You may delete your previous token and create a new one. A user can only have one user token.
You can create and delete your user token via theUser Token REST API or through the IQ Server UI
SAML Users
We recommend you create and delete your user token initially via the UI
SAML users may use the User Token REST API, however, they can only do so after initially logging into the UI. IQ Server SAML identification uses the web browser SSO profile where IQ Server interacts with the SAML identity provider to create a session
Using a User Token
Once created, you can use your user token userCode and passCode to log in to access the IQ Server, API, and integrations.
curl -u [userCode]:[passCode] http://localhost:8070/api/v2/organizations
System Administrators
You can query and delete user tokens via API. This includes an endpoint to purge obsolete user tokens for LDAP users that no longer exist.
User Token from the server UI
Users can generate their user tokens from within the IQ UI.
How to Access
The UI for managing the user token can be accessed from the User Menu by clicking on the Manage User Token option.
Generating a User Token
From the Manage User Token modal, a new user token can be generated by clicking on the Generate User Token button.
The resulting User Code and Passcode will be displayed along buttons that allow for them to be copied to the clipboard and used elsewhere.
Deleting a User Token
Re-visiting the modal will show a warning informing the user that a user token already exists and that it would need to be deleted in order to generate a new one.
Clicking on Delete User Token will delete the existing token thus allowing for the creation of a new one.