Viewing tokens for a user session to analyze application issues


When a user or a service requests access to an application from BMC Helix Single Sign-On over the OAuth2 protocol, BMC Helix Single Sign-On issues access and refresh tokens related to the user's session.

Administrators can view the details of all the tokens issued for a user session to troubleshoot issues such as continued user access even after the user has logged out of the application, or users being logged out of applications automatically. You can use this data to delete tokens associated with a user session without having to explicitly search for them in the OAuth token list.

Administrators can view details including the client ID, type, creation, and expiration information of OAuth2 tokens related to the selected user session. The actual token value is masked for security reasons. 

Important

You can only view token details of an active session from the Sessions page. To view a list of all tokens available in the system, view the Tokens tab from the OAuth2 menu.

Tenant administrator access to session and token information

In a single-tenant environment, session information and related token data are accessible to the administrators of the specific tenant and the SaaS administrator. For example, suppose you have a tenant named Apex Global. Session and token data for this tenant is available only in the Tenant Admin Console of the Apex Global tenant and in the SaaS Admin Console when the Apex Global tenant is selected.

In a multitenant environment, user session information is stored in the specific Tenant, and the token information for the session is stored in the SaaS Tenant. Tenant administrators can view session information for their tenant, but do not have access to the token information. 

For example, Tenant Administrators for Apex Global have access only to the session data, whereas SaaS administrators have access to both the session and token data for Apex Global.

 


To view token data for available sessions

  1. Log in to the BMC Helix Single Sign-On Admin Console as a SaaS Administrator or Tenant Administrator.
  2. On the navigation pane, click Session.
  3. On the Session Report page, click the token icon for the selected user.
    The page displays all the tokens associated with the user's session, and details like the client ID, type, creation, and expiration date and time of the token.


To invalidate an OAuth token for an end-user session

  1. Log in to the BMC Helix Single Sign-On Admin Console as a SaaS Administrator or Tenant Administrator.
  2. On the navigation pane, click Session.
  3. On the Session Report page, click Tokens (the token icon) for the selected user.
  4. Select the token and click the delete icon in the Action column.

Important

For more information about viewing a complete list of OAuth tokens, see Configuring-OAuth-2-0.

 
