Though users interact with strongDM by logging into their account and connecting to datasources and servers, this workflow isn’t useful for more automated functionality like log exports or automated provisioning/deprovisioning. That’s why you can create admin tokens to provide tokenized account access for fully automated strongDM use. This guide describes setting up and using admin tokens. To create an admin token, you’ll need to have admin access to the strongDM web UI.
Admin tokens are for administrative tasks, including:
Admin tokens come from Settings > Admin Tokens. Click on add token and the Create Admin Token page will come up. Here you can choose exactly which rights this admin token will have, and how long the token will be valid.
Give your token a name, select the appropriate options for your admin token use case, then click Create. The token will appear in a pop-up window. Copy this data now, as this is the only time the token will be visible.
If you ever need to delete this token, you can do so from the main Settings > Admin Tokens page.
Now that you have an admin token, you need to get it into your environment to use. The process is simple:
Set the environment variable SDM_ADMIN_TOKEN. You can do this for the current shell by using export or make it more permanent by placing it in .bash_profile depending on your current distribution’s preference. You could also add this variable to the top of any shell scripts you’re planning to use SDM with.
sdm command with no additional authentication needed. Try an SDM admin command that is permitted to your admin token to verify that the authentication token is properly visible to SDM.
If the output is unavailable: Unable to contact strongDM API, then the token was not properly read by SDM.
At this point you should be able to set up your scripts or automations to use sdm commands with no further configuration needed.
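For scripts, an alternative to writing the token at the top of each file is to read it from a file that only the automation user can read and export it from there. The following is an added example, not strongDM code; the function name load_sdm_admin_token and the token file path in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not strongDM code): export SDM_ADMIN_TOKEN from a protected file.
# Hypothetical usage at the top of a script, before the first sdm command:
#   load_sdm_admin_token "$HOME/.sdm_admin_token" || exit 1

load_sdm_admin_token() {
    token_file=$1

    # Refuse symlinks and anything that is not a regular file owned by this user.
    if [ -L "$token_file" ] || [ ! -f "$token_file" ] || [ ! -O "$token_file" ]; then
        echo "token file must be a regular file owned by this user: $token_file" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits;
    # all six must be '-' (for example mode 0600 or 0400).
    perms=$(ls -ld -- "$token_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "token file is accessible to group or others; run: chmod 600 $token_file" >&2
        return 1
    fi

    # Keep the token out of 'set -x' trace output while it is handled.
    case $- in *x*) trace_was_on=1; set +x ;; *) trace_was_on=0 ;; esac

    # The token is expected on the first line, with no embedded whitespace.
    token=$(head -n 1 < "$token_file")
    status=0
    case $token in
        ''|*[[:space:]]*)
            echo "token file is empty or malformed: $token_file" >&2
            status=1 ;;
        *)
            SDM_ADMIN_TOKEN=$token
            export SDM_ADMIN_TOKEN ;;
    esac
    unset token

    [ "$trace_was_on" -eq 1 ] && set -x
    return "$status"
}
```

Because the token is shown only once at creation, write it to the file at that point and set the file to mode 600 before any script reads it.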