Setting up access keys for programmatic access
An access key contains a key and a secret key. The key and the secret key are similar to the user name and the password that are required for programmatic access to the system. Both the keys are generated randomly during the creation of an access key.
A tenant administrator can create multiple access keys. Whereas, a user can create only two access keys. For details about the user access key, see Setting up user-level access keys.
To understand the concept of keys, see User access and keys.
To create an access key
- On the User access > Users and keys page.
- On the Access keys tab, click Add key.
- Enter a name for the key.
The key name provided in this step is only a logical representation that is used for easy identification purposes on the UI. This key name cannot be used to authenticate into the system. From the Key type list, select Access.
Don't select API from the Key type list unless you want to create a key for data ingestion. For more information, see Using API keys for external integrations.
Select the number of days for which you want this key to be valid.
You can also set a custom date or set it to never expire. Although you can set the key to never expire, for enhanced security purposes, we recommend that you set a definite key expiry date. After the key expires, you can extend the date by editing the access key.
- Click Confirm. You can now assign groups and roles to this user.
From the Key details pane, copy the access key and the secret key.
(Optional) To assign appropriate permissions to the access key:
If you have user groups that are associated with roles containing appropriate permissions, assign user groups.
If you have roles with appropriate permissions, assign roles.
You can also assign groups and roles later by clicking Actions > Key details.
- Close the Key details pane.
Managing access keys
Navigate to the User access > Users and keys page, and click the Access keys tab.
From the Key details pane (Actions menu of an access key), you can do the following:
| Task | Description |
|---|---|
| Modify the key expiry | Provide a custom value for the key expiry or set it to never expire. All Administrator group members and the user who created and modified the key receive an email notification two days before the key expires. |
| Change the user group and role assignments | In the Assignments section, click Select to select appropriate user groups or roles. When the user group or role assignments change, the impacted users receive a bell notification. |
Generate a new secret key | In scenarios where you want to delete the existing secret key or you have lost the existing secret key, you can generate a new one by clicking Generate new secret key. You can copy the secret key immediately after it is generated. After you close the window, the secret key is stored in an encrypted format and is unavailable for copying. |
Copy the key details (access key, secret key, and tenant ID). | The keys are copied in the following format: The secret key is available for copying only during creation of a new key. After that, it is copied in an encrypted format. If you do not copy the secret key when it is generated or if you lose it, you must generate a new one. |
From the Actions menu of an access key, you can delete an access key, view permissions, or mark a key as active or inactive.
Comments
Log in or register to comment.