How to audit the expiration of API tokens in VMware Cloud Services.
search cancel

How to audit the expiration of API tokens in VMware Cloud Services.

book

Article ID: 327459

calendar_today

Updated On:

Products

VMware Cloud on AWS

Issue/Introduction

This document provide instructions for auditing the violations such as expiration date for API tokens and allows organization owners to take actions on the API tokens. 


Resolution

Below steps can be performed by organization owner. 

1)  Login to VMware Cloud Services  https://console.cloud.vmware.com and select the appropriate organization. 

2)  Enable Identity and Access Governance by clicking on the pop-up "link identity provider" 

step-1.png

3) Link the IDP and get started with Governance.

step-2.png

step-3.png

4) After linking the IDP, you will see "Governance" tab added to VMware cloud services.

Screenshot 2021-09-07 at 10.30.16 AM.png

5) Organization owner can check the expiration of the api-tokens by setting the API TTL policy as shown below. 
For instance, org owner will get the HIGH severity alerts if the API token creation date (TTL) exceeds 30 days. 

Screenshot 2021-09-07 at 10.39.23 AM.png

6) Owner can list all the violations under "governance" tab as shown below.

Screenshot 2021-09-07 at 10.45.02 AM.png

If you expand "token-1", you will see the information  related to its creation date and time. Also, it tells who created this token. 

Screenshot 2021-09-07 at 10.45.18 AM.png

7) If you want to ignore the specific violation from violations dashboard, you can select the token and click on "ignore" as shown below. It means next time onwards system will not show such ignored violations.

Screenshot 2021-09-07 at 10.56.36 AM.png

After ignoring the violation, you will not be able to see it as an active violation  until and unless you enable  "show all" option. 

Screenshot 2021-09-07 at 10.59.12 AM.png

Screenshot 2021-09-07 at 10.59.18 AM.png

8) In case you want to activate the violations and want to see it under violations dashboard, you can choose the token and click on "activate" button as shown.

Screenshot 2021-09-07 at 11.02.31 AM.png


Additional Information

For more information about Identity Governance and Administration, Refer below documentation :

https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-E6661280-A88A-4E26-9008-4C1620641FA1.html