Ephemeral access allows you to provide limited, time-based access to a specific resource or set of resources to another person, without them being a part of your organization. This option can be advantageous when integrating your own portal on Ravello infrastructure or when you want to provide an external user with temporary access. For example, you can use these tokens to grant your partners limited access to a specific demo environment, without creating a user in your environment.
This article describes these aspects of working with Ephemeral Access Tokens
- Creating Ephemeral Access Tokens
- Managing Tokens
- Adding Resources to an Existing Token
- Changing the Token Validity
Note: You must have the appropriate permissions assigned to you in order to create and view ephemeral tokens.
Creating Ephemeral Access Tokens
You can create ephemeral access tokens for applications and blueprints. Although the steps below describe the process for creating a token for an application, the process for blueprints is basically the same.
A token can be used to provide access to one or more resources. More than one token can be created for an application or blueprint.
To create an ephemeral access token:
- On the Applications page, select one or more resources, then click More > Grant Ephemeral access.
- In New Ephemeral Access Token dialog box:
- Enter a name and description for the token in the designated fields.
- Select the permissions to grant and the time limit for access.
- If you selected more than one resource, selected the preferred creation method (Different token for every application or All applications in a single token).
- Click Create. The dialog box is refreshed to display the Ravello UI URL and the API token details.
- Send the URL to the person(s) to be allowed temporary access.
You can view a list of all tokens on the Admin > Ephemeral Access Tokens page. Alternatively, you can create and edit tokens from the Applications and Blueprints modules.
To view the details for a specific token:
On the Applications page or Blueprints page, select the resource and click More > Show Ephemeral Tokens.
To view/edit the details of a specific token, click the token name.
All resources associated with the token are listed.
Adding Resources to an Existing Token
You can add permissions for an additional resource to an existing token.
To add permissions:
- On the token details page, click Create Permission.
- On the Permissions > Add a Permission page, select the resource type, permitted actions, and filter criteria (equals or is not equal to a specific resource).
- Click Save.
Changing the Token Validity
When you create an ephemeral access token, you set the expiration time. If, for whatever reason, you need to restrict or terminate that access you can do so at any time.
To change the expiration date:
- On the Applications page or Blueprints page, select the resource and click More > Show Ephemeral Tokens.
- Click the token name to display the token details page.
- In the Set Expiration section, set a new expiration date and time, or select Now from the time dropdown list to terminate access immediately.
- Click Save.