Set an automatic expiration date for tokens

Tokens are intended to grant temporary access to Flowfinity, allowing one-off or short-term users to view, edit, or perform operations.

However, when Token Access Management applications create a token, it does not include an expiration or deletion date. This allows system admins or app builders to configure expiration in the most appropriate way for specific workflow. A simple solution for ensuring only temporary access is to create expiration dates for token users and to automate the deletion of expired tokens using an Escalation.

Example

ABC Property Management has now configured the Tenant Survey and Tenant Tokens applications to generate access tokens and guide token users to a survey using a personalized deep link.

However, to promote a quick response by tenants and ensure only temporary access to their system, a decision has been made to automatically delete access tokens after a week. Creating an escalation in the Tenant Tokens app can easily accomplish this goal.

Steps

  1. Customize the Tenant Tokens app.
    Flowfinity - Set an automatic expiration date for tokens
  2. Navigate to the Operations tab, select 'Escalations' and then 'Add escalation.'
    Set an automatic expiration date for tokens
  3. Complete the General Properties section, including a title (e.g., Delete Expired Token) and provide an optional design comment. Set the 'Status' dropdown to 'Enabled.'
    Set an automatic expiration date for tokens
  4. In the Condition section, click 'Add condition' and configure the following:
    - Created on, Before Last X Calendar Days, Constant, 7
    Set an automatic expiration date for tokens
  5. Add a second condition as follows, then select both conditions and click 'Combine with AND.'
    - Current state name, Equals, Constant, Active
    Set an automatic expiration date for tokens

    With these conditions enabled, the escalation will only execute when a record is both older than 7 days and is still in the active state.
    Note: By default, all Token Access Management applications only include an 'Active' state.
  6. Finally, we need to attach the escalation to an Operation. Select 'Delete User' from the 'Operation' dropdown menu. Then enter a source email address the escalation notifications will be sent from.
    Set an automatic expiration date for tokens
  7. The final configuration should look like this:
    Set an automatic expiration date for tokens
  8. Click 'Save escalation' and publish the application.

This escalation is now enabled and will automatically delete any token users older than 7 days, without requiring manual intervention from a system admin or manager. Automating this process helps maintain security by removing token access to the system beyond the expiration date.

Alternatively, user tokens can be deleted using a task. For an example of this method, visit 'Deleting User Access Tokens as part of a Workflow.'


Note: Process for activating tokens in Flowfinity Actions

  1. Navigate to the Configure tab and select Token Billing from the menu. Only Public site administrators can activate tokens for a server.
  2. Click the button to activate tokens and complete the form.
  3. Once you receive a confirmation, tokens will then be available, and a summary of monthly token submissions will be viewable in the Token Billing tab. Use the Event Journal to view individual record transactions.
  4. To deactivate tokens: click the deactivate button, fill in and the form, and a final monthly report will be generated.