Token Access & Management
Last updated
Was this helpful?
Last updated
Was this helpful?
SeaLights utilizes tokens for various functionalities, including browser extension, API access, and agent communication.
SeaLights employs three types of tokens:
: Used for browser extension and related functionalities.
: Used for SeaLights Public API access.
: Used for SeaLights agent communication.
Purpose: Used for and related functionalities: displaying SeaLights metrics in your SCM's UI and reporting manual tests.
Browser extension tokens are user-based.
Browser extension tokens are linked to the user who created them.
These tokens inherit the creator's group access at the time of using the token, granting access to applications within the creator's groups.
Legacy extension tokens have global access (access to all applications).
Each user can have only one browser extension tokens.
The Create New Token button is disabled if a non-legacy token already exists.
Users can view, copy, download, refresh, and delete their own browser extension token.
Legacy token are only visible to Admin/DevOps users, and their actions (copy, download, refresh) are disabled
If the token creator is deactivated or deleted, the extension token is automatically deactivated or deleted.
Purpose: Used for authentication in SeaLights public API.
API tokens are group-based.
API tokens are linked to specific user groups, granting access to applications within those groups.
The user groups are linked to the token automatically or by user selection, at the time of creating the token or updating it.
Legacy extension tokens have global access (access to all applications).
New tokens can also have global access.
Only Admin/DevOps users can access the API token page.
Tokens with Global Access can be viewed by:
All Admin/DevOps users, in case this is a legacy token.
Admin/DevOps users with permission for manage Users and Permissions, in case this is a non-legacy token with Global Access.
Admin/DevOps users can view only API tokens with access to groups they are authorized to view:
Admin/DevOps users must be assigned to all groups the token has access to, in order to view the token.
Example 1: Token with access to groups A and B, can be viewed by an Admin/DevOps user that is assigned to groups A, B, C.
Example 2: Token with access to groups A and D, cannot be viewed by an Admin/DevOps user that is assigned to groups A, B, C.
Admin/DevOps users with permission for manage Users and Permissions can view all tokens, even if they are not assigned to groups.
Admin/DevOps users can copy, download, and refresh tokens based on their group authorization.
Admin/DevOps users with permission for manage Users and Permissions will not be able to copy / download / refresh, if not assigned to all the groups a token has access to.
Admin/DevOps users that are able to view a specific token with Global Access can also copy / download / refresh the token.
Admin/DevOps users can disable/enable tokens.
Deletion is only possible after disabling.
Admin/DevOps users can add groups to existing tokens if additional groups are available. There is no option to remove a group that was already added.
Creating a token does not provide access to this token forever. The creator of a token can view a token as long as his/her assigned groups are aligned with the groups the token has access to.
Purpose: Used for authentication in SeaLights Agents.
API tokens are group-based.
API tokens are linked to specific user groups, granting access to applications within those groups.
The user groups are linked to the token automatically or by user selection, at the time of creating the token or updating it.
Legacy extension tokens have global access (access to all applications).
New tokens can also have global access.
Only DevOps users can access the API token page.
Tokens with Global Access can be viewed by:
All DevOps users, in case this is a legacy token.
DevOps users with permission for manage Users and Permissions, in case this is a non-legacy token with Global Access.
DevOps users can view only API tokens with access to groups they are authorized to view:
DevOps users must be assigned to all groups the token has access to, in order to view the token.
Example 1: Token with access to groups A and B, can be viewed by a DevOps user that is assigned to groups A, B, C.
Example 2: Token with access to groups A and D, cannot be viewed by a DevOps user that is assigned to groups A, B, C.
DevOps users with permission for manage Users and Permissions can view all tokens, even if they are not assigned to groups.
DevOps users can copy, download, and refresh tokens based on their group authorization.
DevOps users with permission for manage Users and Permissions will not be able to copy / download / refresh, if not assigned to all the groups a token has access to.
DevOps users that are able to view a specific token with Global Access can also copy / download / refresh the token.
DevOps users can disable/enable tokens.
Deletion is only possible after disabling.
DevOps users can add groups to existing tokens if additional groups are available. There is no option to remove a group that was already added.
Creating a token does not provide access to this token forever. The creator of a token can view a token as long as his/her assigned groups are aligned with the groups the token has access to.
Open the SeaLights Settings page, from the Settings button on the top right.
Open the SeaLights Settings page, from the Settings button on the top right. |
Open the SeaLights Settings page, from the Settings button on the top right.