Revoking user and integration grants

If a person leaves the company, you might want to remove their identity entry from the integration. There are two ways to revoke the integration’s access to Venafi APIs. Either use the Identity tree or the API Integration page. If you use the API Integration page, the token is still valid until the grant expires. After grant expiration, access is denied and they will not be able to refresh the token to get a new grant.

To immediately revoke user grants for registered integrations with Venafi, see Revoking a user's access grant.

To revoke refresh capability for a specific API integration

IMPORTANT  Removing identities doesn't affect existing grants or tokens for the API integration but only limits the identities you've removed from getting new grants to the API integration.

  1. From the Platform menu bar, click APIIntegrations.
  2. In the left navigation, click an integration, and then click Users or team access.
  3. Under User/Team, click the trash icon.

  4. Click Save.

    All preexisting grants and tokens remain active until the token expires. After expiration, the user or group will not be allowed to refresh the token to gain access to the integration.