User Tokens
What is a user token?
In general
A user token is a form of credentials for the user it belongs to, which are usually completely different and separate from their original credentials.
In IQ Server
A user token is composed of a userCode and a passCode.
Both internal and LDAP users can create user tokens.
When one of these users successfully submits their user token credentials, then they will be authenticated and authorized as if they had submitted their original credentials.
Why use a user token?
There are two main benefits to using a user token.
Firstly, the user does not have to expose their original credentials (e.g. in REST API requests), which may be in use elsewhere.
Secondly, user tokens can be easily created and deleted, which is useful should security policies require credential updates, or if credentials are lost accidentally or otherwise.
Internal or LDAP Users
You can create and delete your user token via the user token REST API.
Your user token credentials are only available upon creation, so take care to record them somewhere you can retrieve them later.
Should you forget or lose your user token credentials you should delete your user token and create a new one.
Once created, you can use your user token userCode and passCode in place of your username and password to log in to IQ Server via the UI and to issue REST API requests, i.e. using the cURL tool for
curl -u [username]:[password] ...
you could instead issue
curl -u [userCode]:[passCode] ...
e.g.
curl -u admin:admin123 http://localhost:8070/api/v2/organizations
curl -u TfPLVkV2:Hb5WZsYrvswl1wwRgxaaDVthlOVw7zSdaf1wWOrnlEU3 http://localhost:8070/api/v2/organizations
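An added example, not part of the original IQ Server documentation: the `curl -u [userCode]:[passCode]` form above places the passCode in the command line, so this shell helper passes the same user token to curl on stdin through `--config -`, keeping it out of the process argument list and the commands saved to shell history. The environment variable names `IQ_USER_CODE` and `IQ_PASS_CODE` and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pass an IQ Server user token to curl without putting it in argv.
# IQ_USER_CODE / IQ_PASS_CODE are assumed variable names, not defined by IQ Server.

# Escape backslashes and double quotes for a double-quoted curl config value.
curl_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit a curl config line carrying the user token as Basic auth credentials.
# Fails if either half is missing, or if the userCode contains ':', which
# curl would treat as the separator between userCode and passCode.
iq_token_config() {
    if [ -z "${IQ_USER_CODE:-}" ] || [ -z "${IQ_PASS_CODE:-}" ]; then
        echo "IQ_USER_CODE and IQ_PASS_CODE must both be set" >&2
        return 1
    fi
    case "$IQ_USER_CODE" in
        *:*) echo "userCode must not contain ':'" >&2; return 1 ;;
    esac
    printf 'user = "%s:%s"\n' \
        "$(curl_escape "$IQ_USER_CODE")" "$(curl_escape "$IQ_PASS_CODE")"
}

# Call an IQ Server REST endpoint. The credentials reach curl on stdin
# (--config -), and --fail turns an HTTP error such as 401 into a non-zero exit.
iq_curl() {
    cfg=$(iq_token_config) || return 1
    printf '%s\n' "$cfg" | curl --silent --show-error --fail --config - "$@"
}

# Usage (needs a running IQ Server, so it is not executed here):
#   iq_curl http://localhost:8070/api/v2/organizations
```

Load the two variables from a secrets manager or a prompt rather than typing them into the shell as literals, otherwise they land in history anyway.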
A user can only have one user token.
Users authenticated by SAML or a reverse proxy cannot create user tokens.
System Administrators
You can purge obsolete user tokens for LDAP users that no longer exist via the user token REST API.
User Token UI
Users can now generate their user token from within the IQ UI. This provides an easy way to achieve the same capabilities provided by the User Token API.
How to Access
The UI for managing the user token can be accessed from the User Menu by clicking on the Manage User Token option.
Generating a User Token
From the Manage User Token modal a new user token can be generated by clicking on the Generate User Token button.
The resulting User Code and Passcode will be displayed along with buttons that allow them to be copied to the clipboard and used elsewhere.
Reviewing User Token
It is important to note that for security reasons this will be the only available time to view the User Code and Passcode. Subsequent visits to this modal will NOT display these values.
Deleting a User Token
Revisiting the modal will show a warning informing the user that a user token already exists and that it would need to be deleted in order to generate a new one.
Clicking on Delete User Token will delete the existing token, thus allowing for the creation of a new one.