User Tokens

User tokens are internal and disposable credentials generated by IQ Server for use in Lifecycle Integrations without exposing the user's login credentials coming from the organization's identity provider. This is useful for accessing IQ Server integrations when identity providers, such as SAML, do not typically rely on usernames and passwords.

Using Tokens is highly recommended for IDEs and service accounts used in CI build scans as these temporary credentials can easily be reset to avoid credential leaks.

A user token is composed of a user code and a passcode. When a user successfully submits their user token credentials, they are authenticated and authorized as if they had submitted their original credentials.

Note

User tokens are not supported with reverse proxy authentication.

Where to use Tokens?

Here are common examples where user tokens are recommended:

  • IDEs and CI build scans

  • Scripts using the REST API

  • Service accounts and build automation where credential leak is possible

Managing a User Token

User token credentials are only available upon creation and cannot be retrieved. You may delete your previous token and create a new one. A user can only have one user token.

You can create and delete your user token via the User Token REST API or through the IQ Server UI.

SAML Users

We recommend you create and delete your user token initially via the UI.

SAML users may use the User Token REST API; however, they can only do so after initially logging into the UI. IQ Server SAML identification uses the web browser SSO profile, where IQ Server interacts with the SAML identity provider to create a session.

Using a User Token

Once created, you can use your user token userCode and passCode to log in to access the IQ Server, API, and integrations.

curl -u [userCode]:[passCode] http://localhost:8070/api/v2/organizations
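For scripts and CI jobs, the token can be kept off the command line, where it would otherwise be visible in process listings and shell history. The following is an added example, not part of the original documentation: it reads the token from environment variables and passes it to curl through a config read from stdin. The variable names IQ_URL, IQ_USER_CODE and IQ_PASSCODE and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example. IQ_URL, IQ_USER_CODE and IQ_PASSCODE are assumed names,
# e.g. secrets injected by the CI system; they are not defined by IQ Server.

# Escape backslashes and double quotes so the value is safe inside a
# double-quoted curl config parameter.
iq_escape() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Print a curl config line carrying the user token.
# Fails when either half of the token is missing.
iq_curl_config() {
    if [ -z "${IQ_USER_CODE:-}" ] || [ -z "${IQ_PASSCODE:-}" ]; then
        echo "IQ_USER_CODE and IQ_PASSCODE must be set" >&2
        return 1
    fi
    # curl splits user:password at the first colon, so reject one in the user code.
    case "$IQ_USER_CODE" in
        *:*) echo "user code must not contain ':'" >&2; return 1 ;;
    esac
    printf 'user = "%s:%s"\n' \
        "$(iq_escape "$IQ_USER_CODE")" "$(iq_escape "$IQ_PASSCODE")"
}

# GET an API path. The token reaches curl on stdin (--config -), so it does
# not appear in curl's argument list.
iq_get() {
    cfg=$(iq_curl_config) || return 1
    printf '%s\n' "$cfg" | curl --silent --show-error --fail --config - \
        "${IQ_URL:-http://localhost:8070}$1"
}

# Usage (same request as the curl command above):
#   iq_get /api/v2/organizations
```

If the token is reset, only the two secrets in the CI system need to be updated; the script itself contains no credentials.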

System Administrators

You can query and delete user tokens via API. This includes an endpoint to purge obsolete user tokens for LDAP users that no longer exist.

User Token from the server UI

Users can generate their user tokens from within the IQ UI.

How to Access

The UI for managing the user token can be accessed from the User Menu by clicking on the Manage User Token option.

Generating a User Token

From the Manage User Token modal, a new user token can be generated by clicking on the Generate User Token button.

The resulting User Code and Passcode will be displayed along with buttons that allow them to be copied to the clipboard and used elsewhere.

Deleting a User Token

Re-visiting the modal will show a warning informing the user that a user token already exists and that it would need to be deleted in order to generate a new one.

Clicking on Delete User Token will delete the existing token, thus allowing for the creation of a new one.