API Token Management #8380
Unanswered
shodanwashere
asked this question in
Q&A
API Token Management
#8380
Replies: 1 comment
-
|
Hi @shodanwashere, are you talking about API Token to be able to access DefectDojo API or tokens used in |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We're deploying an instance of DefectDojo in our corporate environment and it has come to our attention that, with an Azure AD connection, even if users are removed from the application, any API tokens they made are still valid (it's been 24 hours since we tested with removing a user and their API token is still valid).
In the DefectDojo
settings.dist.pyfile, there also doesn't seem to be any kind of modifiable configuration to change API Token TTL, and it's not specified in the documentation either. Did I miss it anywhere? Is there a way of specifying API Token TTLs?Beta Was this translation helpful? Give feedback.
All reactions