The Session Management page available under Avatar -> Session Management lists all tokens for any process having interaction with FogBugz or Kiln, including connections made by integrations, webhooks, or through API.
It also allows FogBugz administrators to view and revoke active tokens for their users. Revoking a token will result in immediate access revocation for that session.
Tokens can be removed:
- individually - by clicking the red X next to them at the end of the line
- in bulk per user - by clicking the Delete All Tokens next to the user name
- in bulk for all sessions - by clicking the Kill All Sessions button at the top
Note: API tokens created for a given integration are listed under a user name reflecting the integration type (eg: API tokens for Google Drive integrations are listed separately as if it would exist a user named Google Drive).
Tokens get invalidated, when
- executing a logoff (including executing a logoff API command with that token)
- changing the user’s password who created the given API token
- a FogBugz administrator invalidates that token from this Session Management page.
Tokens are not invalidated when:
- email address is changed.