Create Admin Tokens

You can create admin tokens to provide tokenized account access for automated strongDM use. This guide describes setting up and using admin tokens. To create an admin token, you'll need to have admin access to the strongDM Admin UI.

Admin tokens are for administrative tasks, including:

  • Collecting audit logs
  • Managing users
  • Managing roles
  • Managing resources
  • Managing gateways and relays


Admin tokens come from Settings > Admin Tokens. Click on add token and the Create Admin Token page will come up. Here you can choose which rights this admin token will have and how long the token will be valid.

Create Admin Token
Create Admin Token

Give your token a name, select the appropriate options for your admin token use case, then click Create. The token will appear in a pop-up window. Copy the token somewhere safe, as you will not be able to view the token after this point.

Admin Token Secret
Admin Token Secret


There are 2 methods to authenticate the CLI with an admin token.

Environment Variable

The CLI will reference the environment variable SDM_ADMIN_TOKEN. You can set this in your shell by using export

export SDM_ADMIN_TOKEN='token_value_here'


The CLI can also store the token if a login is performed with the --admin-token flag.

sdm login --admin-token='token_value_here'

General Usage

Once authenticated with an admin token, you will be able to run any command granted to the token.

  • User commands: sdm admin users -h
  • Role commands: sdm admin roles -h
  • Datasources & Server: sdm admin -h
  • Relay commands: sdm admin relays -h
  • Audit commands: sdm audit -h


Rotating an admin token will generate a new secret while maintaining the name and permissions. We recommend doing so if you believe a token has been compromised or if a user with access to the token has left the your organization.


Once a token has been rotated or deleted the token will immediately lose its ability to authenticate commands from that point forward.

Admin UI Guide — Previous
Admin Tokens
Generate API Keys