https://netsuiteprofessionals.com logo
Join SlackCommunities
Powered by
Hello! Is there a way to revoke a user token creat...
# sdf
d
Hello! Is there a way to revoke a user token created by the browser based authentication via script?
n
in WebStorm, there is an option to revoke the token.
p
Not via script, no.
d
🤨 when an employee leaves, we have to manually revoke for every account, that sucks.
s
if that employee is deactivated they should have access any more.
I haven't personally tested that - have you confirmed that tokens still work even if the associated employee no longer has access?
d
Correct. But for every customer a (partner) employee has access to you would have to enter every customer account to disable their access.
s
assigning individuals to accounts that way is a poor security practice - even while the person is still working with the firm.
as a workaround - in that scenario could you at least change their password upon exit?
d
I agree. And we're not doing that but for SDF the devs can authenticate via browser to assign a token. Tokens don't care about password changes. I need a way to revoke those tokens easily.
s
I think a better practice is to use a named account login(s) unique for each customer with a strong password that is managed by the firm.
d
I don't disagree at all! Technically that's against NS terms though.
s
aye, the plugin's browser support is better aligned with single-company use than the partner/many NS account scenario
✔️ 1
Interesting - do you have a reference for those NS terms? It would be sad to think they are encouraging insecure practices or actively blocking more secure ones. Or is the violation you're thinking of more of a 'sharing a login' situation?
Open in Slack
PreviousNext
Powered by