Token Authentication
For
debugging or even normal day-to-day operations, accessing the Controller’s CLI is often
needed using SSH. To access the
Avi Load Balancer Controller
through SSH, the system admin or a registered user
must have a valid token. Note that this token is not the same as the Oauth token. It is an
alternative to a password. The system admin can create a temporary token for a user to
access resources for a few hours. After that time expires, the token will not work and the
user loses access, so there is no need to delete the token. Once a token is created, you can
initiate an SSH connection to the Controller using CLI as the SSH user. A CLI shell is
created. Once the shell has been created, a login prompt will be displayed. Provide the
required username and the token as the
password.To generate the SSO token through the UI, perform the following steps.
- Login to theAvi Load BalancerUI.
- Click the three dots in the top right corner of the dashboard.
- SelectGenerate Tokenfrom the drop down menu.
A pop-up screen appears as shown below.
- Enter theToken Lifetimefor the token’s validity in hours and clickGenerate.
- To generate a single use token, enter 0.
- The maximum value that can be entered in this field is 87600 hours.
- In case another token is generated before the first one expires, the first token still remains valid.

- Copy the generated token for CLI/SSH access.
- To delete a token, for example, if you want to decommission an active token, use the DELETE command in the CLI.