reviewing-and-revoking-personal-access-tokens-in-your-organization.md

| title | intro | versions | shortTitle |
| --- | --- | --- | --- |
| Reviewing and revoking personal access tokens in your organization | Organization owners can review the {% data variables.product.pat_v2 %}s that can access their organization. They can also revoke access of specific {% data variables.product.pat_v2 %}s. | fpt: `*`, ghes: `*`, ghec: `*` | Review token access |

{% data reusables.user-settings.pat-v2-org-opt-in %}

About reviewing and revoking {% data variables.product.pat_v2 %}s

Organization owners can view all {% data variables.product.pat_v2 %}s that can access resources owned by the organization. Organization owners can also revoke access by {% data variables.product.pat_v2 %}s. When a {% data variables.product.pat_v2 %} is revoked, SSH keys created by the token will continue to work and the token will still be able to read public resources within the organization.

When a token is revoked, the user who created the token will receive an email notification.

Organization owners can only view and revoke {% data variables.product.pat_v2 %}s, not {% data variables.product.pat_v1_plural %}. Unless the organization {% ifversion ghec or ghes %}or enterprise {% endif %}has restricted access by {% data variables.product.pat_v1_plural %}, any {% data variables.product.pat_v1 %} can access organization resources until the token expires. For more information about restricting access by {% data variables.product.pat_v1_plural %}, see "AUTOTITLE"{% ifversion ghec or ghes %} and "AUTOTITLE"{% endif %}.

{% ifversion ghec %} Organization owners can also view and revoke {% data variables.product.pat_v1_plural %} if their organization requires SAML single sign-on. For more information, see "AUTOTITLE". For more information about using the REST API to do this, see "List SAML SSO authorizations for an organization" and "Remove a SAML SSO authorization for an organization."{% endif %}

{% ifversion pat-v2-org-admin-api %}

Organization owners can also use the REST API to review and revoke {% data variables.product.pat_v2 %}s. These endpoints can only be called by {% data variables.product.prodname_github_apps %}, and cannot be called with {% data variables.product.pat_generic_plural %} or {% data variables.product.prodname_oauth_apps %}. For more information, see "AUTOTITLE."

{% endif %}

Reviewing and revoking {% data variables.product.pat_v2 %}s

{% data reusables.profile.access_org %} {% data reusables.profile.org_settings %}

  1. In the left sidebar, under {% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s, click Active tokens. Any {% data variables.product.pat_v2 %}s that can access your organization will be displayed.
  2. Click the name of the token that you want to review or revoke.
  3. Review the access and permissions that the token has.
  4. To revoke access by the token to the organization, click Revoke.

Alternatively, you can revoke multiple tokens at once:

{% data reusables.profile.access_org %} {% data reusables.profile.org_settings %}

  1. In the left sidebar, under {% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s, click Active tokens. Any {% data variables.product.pat_v2 %}s that can access your organization will be displayed. {% data reusables.user-settings.patv2-filters %}
  2. Select each token that you want to revoke.
  3. Select the tokens selected... dropdown menu and click Revoke....
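
The bulk revocation above can also be driven through the REST API mentioned earlier. The following is an added example, not part of the original documentation: it picks tokens to revoke from a listing returned by `GET /orgs/{org}/personal-access-tokens` and builds the matching bulk-revoke requests. The sample listing, the org name `example-org`, the 90-day idle policy and the batch size of 100 are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the listing response; field names follow the REST API docs.
SAMPLE = json.loads("""[
 {"id": 101, "owner": {"login": "alice"}, "token_expired": false,
  "token_last_used_at": "2024-05-30T10:00:00Z",
  "permissions": {"repository": {"contents": "read"}}},
 {"id": 102, "owner": {"login": "bob"}, "token_expired": false,
  "token_last_used_at": null,
  "permissions": {"repository": {"contents": "write"}}},
 {"id": 103, "owner": {"login": "carol"}, "token_expired": false,
  "token_last_used_at": "2024-01-02T08:00:00Z",
  "permissions": {"organization": {"members": "write"}, "repository": {"metadata": "read"}}},
 {"id": 104, "owner": {"login": "dave"}, "token_expired": true,
  "token_last_used_at": "2023-11-01T00:00:00Z",
  "permissions": {"repository": {"administration": "write"}}}
]""")

def has_write(token):
    """True if any permission in any group (organization, repository, ...) exceeds read."""
    groups = token.get("permissions", {}).values()
    return any(level in ("write", "admin") for g in groups for level in g.values())

def is_stale(token, now, max_idle_days):
    """True if the token was never used, or not used within max_idle_days."""
    last = token.get("token_last_used_at")
    if last is None:
        return True
    used = datetime.fromisoformat(last.replace("Z", "+00:00"))
    return now - used > timedelta(days=max_idle_days)

def select_for_revocation(tokens, now, max_idle_days=90):
    """Assumed policy: revoke unexpired tokens that hold write access and are stale."""
    return [t["id"] for t in tokens
            if not t.get("token_expired") and has_write(t) and is_stale(t, now, max_idle_days)]

def revoke_requests(org, pat_ids, batch=100):
    """Build (method, path, body) tuples for bulk revocation; batch size is an assumption."""
    path = f"/orgs/{org}/personal-access-tokens"
    return [("POST", path, {"action": "revoke", "pat_ids": pat_ids[i:i + batch]})
            for i in range(0, len(pat_ids), batch)]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for req in revoke_requests("example-org", select_for_revocation(SAMPLE, now)):
        print(req)  # send with a GitHub App installation token; PATs are rejected
```

Because SSH keys created by a revoked token continue to work, review those keys separately for any token this selects.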