Tokens

dxp10
HID_Tenant_Token
You can use the tenant tokens to identify tenants in the service logs that are causing unwanted or suspicious activities. For example, a multi-tenant service log shows that a tenant that is represented by a token is making excessive API calls. You can revoke the token if necessary, which suspends the tenant and shuts down the corresponding Enterprise Manager.
This section provides the following information:
Generate a Token in DX APM for Ingestion
Perform the following steps in DX APM.
The generated token does not have any impact on the existing tokens in DX APM.
Follow these steps:
  1. Log in to DX APM.
  2. Click
    Settings
    ,
    Security
    tile in the left navigation pane.
  3. Click
    Generate New Token
    .
    The
    New API Security Token
    dialog appears.
  4. Define the following details:
    • Label
      (name): Name of the security token.
    • Select the type of security token:
      • Agent:
        Token to authorize an agent.
      • Public API:
        Token to access a public API. You can set an expiry date for the public API tokens or you can set the token to never expire.
      • Tenant Token
        : Token to grant access to a tenant.
  5. Click
    Generate Token
    to generate the token.
    For security reasons, this token is displayed only once. Ensure to store the token in a safe place before closing this dialog window. Do not disclose the token to unauthorized parties.
The token now appears among the other tokens in the
Security
tab in DX APM. The following illustration shows how to generate a token in DX APM.
Generate a Token
Tokens in Cluster Manager
You can view the following information in the
Tokens
page of the Cluster Manager for the tokens that were generated in DX APM:
  • Token ID
  • Tenant ID
  • Internal or External: Click the
    External Only
    option on the top-right corner to display only the external tokens. If this option is disabled, the Tokens page displays both the internal and external tokens.
  • Description
  • Revoked
  • Created
  • Expires
Search for Tokens
You can filter the tokens using the token ID or the middle part of the token. Expand the Token ID to view the Token middle part and the decoded middle part of the token.
You can also search based on advanced filters by applying a prefix to the token properties. You can apply the advanced filters in the following ways:
  • Tenant ID filter:
    tid:<
    tenant id>
  • Revoke status filter:
    revoked:
    true
    |
    false
  • Username filter:
    user:
    user
  • Token ID filter:
    jti:
    token id
Suspend a Tenant
When you detect that a tenant is causing any unwanted or suspicious activities, you can revoke their token. Revoking the token suspends the tenant and shuts down the corresponding Enterprise Manager.
Follow these steps:
  1. Access a service log.
  2. Identify the hash code of the token.
  3. Use the tokens table to cross-identify the hash code in the
    Tokens
    page.
  4. (Optional) Click the Delete icon to revoke the token that suspends the tenant.