Allowing applications to create user tokens
These tokens are not related to personal access tokens (PATs) that you might know from Jira or Confluence. If you'd like to create personal access tokens, you need to do it in each of these products separately, and not through Crowd. Learn more
To allow applications to create such tokens:
- In Crowd, go to Applications > <your_application_name> Options.
- Check Allow to generate user tokens.
There is a possibility for applications connected to Crowd to generate Crowd tokens for users without passing their passwords in a request.
Such token can later be used to impersonate user in other SSO version 1 applications if they have similar directory setup.
User tokens can be used to impersonate user in Crowd web application if Crowd application has similar directory setup.
For this reason, it is important to connect only trusted applications to Crowd. Additionally, it's recommended that you keep the Allow to generate user tokens setting disabled unless your application and setup clearly requires this setting to be turned on.