EM: Security > Authentication Tokens

Description

The Authentication Tokens panel in Enterprise Manager provides a centralized view of all active session tokens issued to users within the system. Administrators can filter tokens by expiration criteria, identify the currently active session (highlighted in red), and manage token lifecycles to maintain secure user authentication across the BBj environment. See: BBjAdmin TokenInfo Javadoc.

Location

EM Navigator → Security → Authentication Tokens

Toolbar

Button	Function
	Adds a new entry and opens new application.
	Removes/deletes selected application(s) or files from the system.
	Refreshes the displayed list of applications and their status.

Create Authentication Token

To create an authentication token, click icon to open the Create Authentication Token dialog. The panel provides administrators with a secure method to generate time-bound tokens for JDBC, ODBC, and Admin API connections. Token generation requires valid user credentials, with optional payload parameters to extend functionality through name-value pairs. Expiration settings define the token’s validity period, ensuring controlled access and compliance with security policies. See: BBjAdminRemoteWrapper Javadoc.

Settings	Descriptions
Username	Specifies the account identifier required to associate the generated authentication token with a valid user.
Password	Collects the account password used to authenticate the specified username before generating the authentication token.
Expiration(minutes)	Sets the token’s validity period in minutes, after which the generated authentication token automatically expires and is no longer accepted.
Optional Payload	Accepts comma-separated name=value pairs to attach application-specific payload attributes to the generated token, which are stored with and retrievable via the Admin API. See: BBjAdmin TokenInfo Javadoc.
Authentication Token	Contains the generated authentication token value for use in authorized client connections and Admin API requests.
Generate Token	Generates a new authentication token using the supplied username and password, optional payload, and expiration settings for JDBC, ODBC, and Admin API connections.

Active Authentication Tokens: More Options Dropdown

To create an authentication token, click the green plus button in the upper-right corner to open the Create Authentication Token dialog. The panel provides administrators with a secure method to generate time-bound tokens for JDBC, ODBC, and Admin API connections. Token generation requires valid user credentials, with optional payload parameters to extend functionality through name–value pairs. Expiration settings define the token’s validity period, ensuring controlled access and compliance with security policies.

Settings	Description
Refresh Rate	Sets the automatic refresh interval for the data table. Selecting a time value (3, 5, 10, or 15 seconds) updates the data at the specified interval. Selecting Manual disables auto-refresh, requiring the user to manually reload the data.
Use Filter	When unchecked, disables all associated filter inputs, rendering the fields non-editable and preventing filter execution, regardless of any configured criteria. When checked, enables the filter controls, allowing users to define one or more filtering conditions by selecting a field (Public Key ID), a comparison operator (equals, contains, less than, and regex etc.), and a corresponding input value. The filtering logic may be expanded with compound conditions using logical operators such as AND or OR.
Token Filter Criteria	The Token Filter Criteria section optimizes token management by allowing administrators to filter authentication tokens using attribute fields like User, Issued At, and Expiration, ensuring efficient session oversight within Enterprise Manager. Settings Description User Identifies the account owner of the authentication token, allowing administrators to filter token records by the associated user. Issued At Indicates the timestamp when the authentication token was created, enabling filters based on issuance time. Expiration Defines the timestamp when the authentication token becomes invalid, allowing filters based on token expiry.
Comparison Dropdown	Conditional operator(s) used to evaluate the selected column against the input value in the filtering row. Options include equals, greater than, less than, contains, and regex. Used together with the field selector and value input to build precise filter expressions when the Use Filter checkbox is enabled. Settings Description equals Matches records where the selected column’s value is exactly the same as the input value. greater than Matches records where the selected column’s value exceeds the specified input value. less than Matches records where the selected column’s value is lower than the specified input value. contains Matches records where the selected column’s value includes the specified sequence of characters. regex Filters records using a regular expression pattern, enabling advanced, rule-based text matching in the selected column.
Filter Value Field	Defines the user-specified target value that must match the selected filter column and comparison condition when the filter is applied.
Logical Operator Dropdown	Defines the logical relationship between multiple filter conditions in the filter panel, available options: None, AND, and OR, determine whether additional criteria are ignored, combined with AND, or evaluated with OR logic. Settings Description None Selects no option for the control, leaving the related feature inactive and applying no additional behavior. AND Applies logical conjunction to the active filters so a token record appears only when all selected conditions are true. OR Applies logical disjunction to the active filters so a token record is returned when any selected condition is true.

Active Authentication Tokens: Tokens Detail

The Token Details presents a structured view of generated authentication tokens and their key attributes. Each entry identifies the associated user, the exact issuance time, and the configured expiration to enable precise monitoring of token validity. This information allows administrators to manage session lifecycles effectively and ensure compliance with security controls.

Column	Description
User	Identifies the account to which the authentication token is assigned, enabling tracking and management of tokens by user identity.
Issued At	Records the timestamp when the authentication token was issued, enabling time-based auditing.
Expiration	Indicates the timestamp when the authentication token expires, enabling validity and audit control.

See Also

BBjAdminBase

Public Private Keys

Settings