Connections And Credentials
Access Tokens
How token mode works, how to get the right Azure token, and what changes in the review flow.
What this page is for
This page explains how token mode works and when it is the right choice instead of a saved connection.
When to use it
Use token mode when:
- you want a one-off review
- you do not want to save reusable Azure access yet
- the fastest path to a first successful scan matters more than long-term convenience
How to use it
- Choose
Paste Access Tokenin the review modal. - Paste a token for the Azure Management API.
- Let Hygiara validate the token against Azure.
- Continue through the remaining steps and queue the review.
What token you need
The token must be valid for:
https://management.azure.com/
You can obtain one with:
az account get-access-token --resource https://management.azure.com --query accessToken -o tsv
or:
(Get-AzAccessToken -ResourceUrl https://management.azure.com).Token
What to expect
Token mode behaves differently from saved-connection mode:
- Hygiara validates the token before you can continue
- all subscriptions visible to that token are included automatically
- there is no separate subscriptions step
Common mistakes
- using a token for the wrong audience
- pasting an expired token
- expecting token mode to behave like stored-credential mode