Rejoice, all administrators! I am very happy to unveil a frequently requested feature, access token expiry notification, as part of the AgilePoint NX V9 rollout.
An access token contains access-related information. AgilePoint NX uses this information to authenticate with an external system. Depending on the external enterprise's access control policy, these access control credentials might have to be renewed at specific intervals. The expiry policy is defined by the security experts of the other enterprise.
The majority of systems support OAuth2-based authentication and therefore have auto-refresh of the token enabled as per the OAuth2 specification, which makes sure tokens are recycled automatically at regular intervals without any human intervention, e.g. Box, Google Drive, etc. However, there are still a handful of systems that either use username/password (basic authentication) or do not have the auto-refresh option because the underlying system does not support OAuth2. Examples include a few SharePoint authentication options and databases.
Token expiry would prevent the exchange of information between AgilePoint NX apps and the third-party system, resulting in app downtime. To tackle this, administrators were setting up a reminder in an external system to change credentials before they expire.
Given that many mission-critical systems in hundreds of large enterprises are powered by AgilePoint, we have introduced an expiry reminder configurator right within AgilePoint, so there is no need to set up a reminder elsewhere. Once the password expiration date and email address have been configured, the AgilePoint NX system will start sending a reminder notification 15 days before the password expiration date to the configured email address, and a copy will be sent to the system admin or tenant administrator.
Shown below is an example of how the notification can be configured for a SharePoint token.
Shown below is the corresponding notification email.
This feature is available for both global access tokens and app-level access tokens. It is enabled only for access token types that do not support token auto-refresh in the underlying system.