asroo (asroo) asked a question.
Suspending Admin account that created API Token
How do we suspend and deactivate an admin account that created API Token without interrupting the service?. When the admin account is suspended, authentication failed with error : "HTTP 401 Okta E0000011 Invalid Token provided when running API calls". Is there a way to safely move the API Token under another user and deactivate the account of the admin who is no longer with the firm ? whats the suggested best practice for this?
Unfortunately tokens are associated with a particular user and as far as I know what you are asking is not possible. If you wanted to get really creative, you could look at keeping the account active, add the account to a new user group called something like "disabled users", and adding authentication policies which prevent members of that group from authenticating... but that should only be considered as a very short term solution until you can follow best practices, which would be to leverage service accounts for API Tokens.