Manage Enrollment Tokens

After creating enrollment tokens, you can view their usage, revoke tokens to prevent new enrollments, or delete tokens that are no longer needed.

INFO

Requires Posture Manager role or higher.

Viewing Enrollment Tokens

Navigate to Sensors > Enrollment Tokens to see all tokens in your organization.

The token list displays the following information for each token:

Column	Description
Name	The descriptive label you assigned when creating the token.
Created	The date and time the token was created.
Created By	The user who created the token.
Expiry	The expiration date, or "No expiry" if none was set.
Status	Active, Revoked, or Expired.
Enrolled Sensors	The number of sensors that have enrolled using this token.

Filtering and Sorting

• Use the search bar to filter tokens by name.
• Click column headers to sort the list.
• Use the status filter to show only Active, Revoked, or Expired tokens.

Revoking a Token

Revoking a token prevents any new sensors from enrolling with it. This is useful when:

• A deployment window has closed and you want to prevent further use.
• A token may have been exposed or shared unintentionally.
• You want to disable a token temporarily without deleting it.

To revoke a token:

1. Navigate to Sensors > Enrollment Tokens.
2. Locate the token you want to revoke.
3. Click the actions menu (three dots) on the token row.
4. Select Revoke.
5. Confirm the revocation in the dialog.

TIP

Revoking a token does not affect sensors that have already enrolled. Those sensors will continue to operate normally. Only future enrollment attempts using the revoked token will be rejected.

The token status changes to Revoked and it is no longer usable for new enrollments.

Deleting a Token

Deleting a token permanently removes it from AttackLens. This action cannot be undone.

To delete a token:

1. Navigate to Sensors > Enrollment Tokens.
2. Locate the token you want to delete.
3. Click the actions menu (three dots) on the token row.
4. Select Delete.
5. Confirm the deletion in the dialog.

WARNING

Deleting a token is permanent. If sensors are still using this token to enroll, they will fail to register. Make sure no active deployments depend on the token before deleting it.

Expired Tokens

Tokens with an expiry date automatically become inactive once the date passes. Expired tokens:

• Cannot be used for new enrollments.
• Do not affect already-enrolled sensors.
• Remain visible in the list with an Expired status for auditing purposes.
• Can be deleted when no longer needed for record-keeping.

Best Practices

• Use descriptive names: Include the environment, department, or deployment window in the token name so you can identify its purpose at a glance.
• Set expiry dates: Short-lived tokens reduce the risk of unauthorized enrollment if a token is leaked.
• Revoke promptly: After a deployment campaign is complete, revoke the token immediately.
• Review regularly: Periodically review the token list and clean up revoked or expired tokens.
• One token per deployment scope: Avoid reusing a single token for all deployments. Separate tokens by environment or team for better access control and auditability.