Maintaining robust security measures is paramount. One effective strategy is to implement a per-user token system, which adds an extra layer of security by assigning unique tokens to each user within a tenant. This article will explore the benefits of a per-user token system, how it enhances security and auditing, and the steps to implement it on your platform.
Advantages of a Per-User Token System
Enhanced Security: Unlike a per-tenant token system, where a single token is shared among all users in a tenant, a per-user token system assigns a unique token to each Admin or Organizer role. This means that if a user's account is removed from the platform, their token access is automatically revoked, preventing unauthorized access without affecting other valid users in the tenant. This individualized approach significantly reduces the risk of security breaches.
Improved Auditing: A per-user token system simplifies the auditing process. By associating tokens with specific users, administrators can easily trace the origin of each token, making it easier to identify and address potential security issues. This traceability ensures accountability and provides a clear audit trail for compliance and security reviews.
Stable Access Control: In a shared tenant-based token system, there's a risk that one user could inadvertently invalidate the token, disrupting access for everyone in the tenant. With a per-user token, each user retains control over their own token, ensuring that no one else can invalidate it. This stability is particularly important in large organizations where uninterrupted access is critical.
How to Set Up a Per-User Token
Enabling per-user tokens is a simple process that can be completed by an Admin directly through the platform’s interface. Follow these steps to set up and manage your token:
Accessing the Token Setup:
Log in to the platform with your Admin credentials.
Navigate to the System Settings by clicking on the profile icon in the top-right corner and selecting the Settings option, or go directly to
/a/system-settings/development/.In the System Settings, click into the "Development" section.
Enabling and Managing Your Token:
In the "Development" section, locate and click on the "Access Here" button. This will redirect you to the profile edit screen.
Under the "Additional Information" section, you will find a new field labeled "GraphQL Token." This is where you can generate and manage your per-user token.
To copy the token, simply select and copy the value displayed in the "GraphQL Token" field.
Refreshing Your Token:
If at any point you need to refresh your token (for example, if you believe your current token may have been compromised), return to the profile edit screen by clicking into your Profile and clicking edit.
Click the "Refresh" button next to the "GraphQL Token" field. This action will generate a new token, automatically invalidating the previous one.
Admin Access:
Once the per-user token system is enabled, any Admin within the system will be able to access and manage their own GraphQL token through their profile edit screen.
This process ensures that each Admin has a unique token, further enhancing security across the platform.
Important Considerations
Role-Based Access: Only users with an Admin role will have access to the token generation feature. Organizers & Regular users will not see this option in their profiles, maintaining the integrity and security of the system.
Non-Impact on Tenant-Based Tokens: Generating a per-user token does not affect any existing tenant-based tokens. Other users who rely on tenant-based tokens will continue to operate without disruption. However, switching to a per-user token system is recommended for enhanced security and control.
Conclusion
Implementing a per-user token system is a crucial step in enhancing the security and stability of your platform. By assigning unique tokens to individual users, the system ensures that access is tightly controlled and easily audited. This not only protects your organization from unauthorized access but also empowers users with greater control over their security credentials. Transitioning to a per-user token system is a proactive measure that safeguards your platform and strengthens your overall security posture.