Is there a way to limit an Okta token authority?

Submitted by 三世轮回 on 2019-12-11 04:27:50

Question


Following these abbreviated steps to generate an Okta token:

  1. Log in to your Developer Console
  2. Navigate to API > Tokens and click Create Token
  3. Give your token a name

works wonderfully, however I'd like to limit the authority of such a token to only affect certain applications or perform only certain operations - is this possible?


Answer 1:


API Tokens share the same rights as the admin that created them.

If you wanted to create an API Token that had read-only access, for instance, you could follow these steps:

  1. Assign the Read Only admin role to a user (preferably a service account)
  2. Log in as that user
  3. Create an API Token as usual

That API Token could now only be used for read-only operations. An attempt at a write operation with that API Token would fail.

HTH! (full disclosure: I work for Okta)
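
Because a token carries whatever admin rights its creator holds, an org can be audited for tokens whose owner has more than the intended role. The following is an added example, not part of the original answer or Okta's own code: the helper names, the `/api/v1/api-tokens` and `/api/v1/users/{id}/roles` paths, and the `userId`, `name` and `type` fields are assumptions about the Okta API, and the sample records are constructed.

```python
import json
import urllib.request

# Role types allowed for automation tokens; READ_ONLY_ADMIN matches the answer above.
ALLOWED_ROLES = frozenset({"READ_ONLY_ADMIN"})


def okta_get(org_url, path, api_token):
    """GET an Okta API path using the SSWS API-token scheme (first page only)."""
    req = urllib.request.Request(
        org_url.rstrip("/") + path,
        headers={"Authorization": "SSWS " + api_token, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def overprivileged_tokens(tokens, roles_by_user, allowed=ALLOWED_ROLES):
    """Return (token name, owner id, excess role types) for each token whose
    owner holds any admin role outside `allowed`."""
    findings = []
    for tok in tokens:
        owner = tok["userId"]
        held = {r["type"] for r in roles_by_user.get(owner, [])}
        excess = sorted(held - allowed)
        if excess:
            findings.append((tok["name"], owner, excess))
    return findings


def audit_org(org_url, auditor_token):
    """Live audit: list API tokens, look up each owner's roles, then compare."""
    tokens = okta_get(org_url, "/api/v1/api-tokens", auditor_token)
    owners = {t["userId"] for t in tokens}
    roles = {u: okta_get(org_url, f"/api/v1/users/{u}/roles", auditor_token) for u in owners}
    return overprivileged_tokens(tokens, roles)


# Constructed sample data in the shape assumed for those two responses.
SAMPLE_TOKENS = [
    {"name": "reporting-job", "userId": "00u_svc_readonly"},
    {"name": "legacy-script", "userId": "00u_alice"},
]
SAMPLE_ROLES = {
    "00u_svc_readonly": [{"type": "READ_ONLY_ADMIN"}],
    "00u_alice": [{"type": "SUPER_ADMIN"}, {"type": "READ_ONLY_ADMIN"}],
}

if __name__ == "__main__":
    for name, owner, excess in overprivileged_tokens(SAMPLE_TOKENS, SAMPLE_ROLES):
        print(f"{name}: owner {owner} also holds {', '.join(excess)}")
```
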



Source: https://stackoverflow.com/questions/53690385/is-there-a-way-to-limit-an-okta-token-authority
