Configure Tokens
You must configure tokens for registering GigaVUE Fabric Components using Third Party Orchestration and registering UCT-V with GigaVUE-FM.
This feature generates tokens to verify the identity of a user for accessing theGigaVUE-FM
If you are authenticated, GigaVUE-FM allows you to generate a token based on your access privileges. You can copy the generated tokens from the GUI to access the REST APIs. Token inherits the read or write Role-Based Access (RBAC) privileges of the groups assigned to its user.
GigaVUE-FM generates multiple tokens and associates them with the corresponding user groups. If you have write access to GigaVUE-FM Security Management, you can revoke other users’ tokens but not view the created tokens.
Prerequisite
You must create user groups in GigaVUE-FM. For details, refer to Configure Role-Based Access for Third Party Orchestration.
Rules and Notes
|
■
|
Token authentication is an additional mechanism to access GigaVUE-FM REST APIs without replacing the existing GigaVUE-FM authentication mechanism. |
|
■
|
Only authenticated users can create tokens. |
|
■
|
A token expires or becomes invalid in the following cases: |
|
•
|
The token reaches the configured expiry or default period. The default value is 30 days, and the maximum value is 105 days. |
|
•
|
You delete a user group associated with the token. |
|
•
|
You change the password of the local user who owns the token. |
|
•
|
You change the authentication type. GigaVUE-FM deletes all tokens when this occurs. |
|
■
|
When you back up and restore of the GigaVUE-FM, previously generated tokens become unavailable. |
|
■
|
During an FMHA role changeover, active GigaVUE-FM tokens are active. |
|
■
|
For basic authentication, GigaVUE-FM restricts activities such as creating, revoking, and reviewing of Token APIs. |
|
■
|
If you use an expired or invalid token, GigaVUE-FM returns a 401 Unauthorized error when accessing the REST API. |
This section explains about the following:
Create Token
GigaVUE-FM allows you to create a token or multiple tokens if required.
To create a token,
|
1.
|
Go to  , select Authentication > GigaVUE‑FM User Management. |
The User Management page appears.
|
2.
|
In the User Management page, select Tokens. |
Note: If you are a user with write access, then you can view a drop- down list under Tokens. Select Current User Tokens to create a token.
|
4.
|
Enter a name for the new token in the Name field. |
|
5.
|
Enter the days until the token is valid in the Expiry field. |
|
6.
|
Select the user group for which you are privileged to access the GigaVUE-FM from the User Group drop-down list. |
|
7.
|
Select OK to generate a new token. |
The generated token appears on the Tokens page. You can copy and use the generated token to authenticate the GigaVUE-FM REST APIs.
Select the token that you want to copy, click the Actions button drop-down list, and select Copy Token. The token is copied. You can paste in the required areas.
Note: You cannot view the generated token. You can only copy and paste the generated token.
Revoke Tokens
You can revoke tokens that other users create only if you have write access in GigaVUE-FM Security Management.
To revoke tokens,
|
1.
|
Go to , select Authentication > GigaVUE‑FM User Management. |
|
2.
|
In the User Management page that appears, select Tokens. |
|
3.
|
From the drop-down list, select Token Management. |
|
4.
|
You can view the token created by other users. |
|
5.
|
Select the token that you want to revoke. |
|
6.
|
Select Action, and then select Revoke. |
Export Token
GigaVUE-FM allows you to export selected or all the tokens in CSV and XLSX format.
|
■
|
To export a token, select the token, and from the Export Selected drop-down list box, select either the CSV or XLSX format. |
|
■
|
To export all the tokens, select the token, and from the Export All drop-down list box, select the CSV or XLSX format . |
Create a Token with Custom User Group
GigaVUE-FM allows you to create a token with different user groups.
To create a token,
Note: Do not assign this user to any existing user group.
|
2.
|
Set up a custom role with the required permissions. |
|
o
|
Example: orchestrationRole |
|
o
|
Assign “Third Party Orchestration” with write permission |
|
3.
|
Create a user group, assign the custom role to it, and add the user to the group. |
|
o
|
Example: orchestrationGroup |
|
o
|
Assign the orchestration Role to this group. |
|
o
|
Add the orchestration user to this group. |
|
4.
|
Log in to GigaVUE-FM using the custom user, go to the token page, and select the custom group. |
The token is generated.
