Skip to main content
Version: v4.12

Access Token Settings

Access token related settings can be configured on the Access Tokens tab in the general Settings page. This requires the Manage Access Tokens permission, which is granted by default to users that belong to Admin or Super Admin groups.

The following are the access token related settings that can be configured:

  • Max Token Validity Period: Specifies the longest period that can be defined as the validity period of an access token.
  • Default Token Validity Period: Defines the default period that newly issued access tokens will remain valid. This value cannot exceed the Max Token Validity Period.
  • Max Valid Tokens for a User: Specifies the maximum number of concurrent valid access tokens a user can have.

    Decreasing the maximum number of valid tokens for a user does not impact existing access tokens. To be able to create new access tokens, users with more access tokens than the limit will have to delete tokens, until the number of access tokens is below the new limit.

  • Offline Token Validation: Enables or disables offline validation of tokens in the sidecar. If offline validation is enabled, the sidecar will be able to validate and authenticate database access even if the Cyral control plane is temporarily inaccessible. Note that during the period where the sidecar cannot access the control plane, any token creation or deletion events will not be reflected in the sidecar state. This gives more control to Cyral Administrators to configure whether high availability (Offline Token Validation enabled) or stricter access control (Offline Token Validation disabled) should be prioritized for database access.