API Token Access as a Default Member Permission?

With a growing number of users wanting personal API tokens for using their own MCPs, is there a way to give all users (or a group) API token permission?

Currently, I have to do this on a per user basis which is becoming tedious.

Any other suggestions?

Find more posts tagged with

Support

Comments

Gleanie Kat

We're working on supporting group permissioning for this @windowskies. Also tagging in @johnagan in case he has any workarounds for this on the API side.

johnagan

+1 to what @Gleanie Kat said. On the developer side, we're working on improvements to OAuth as well.

windowskies

Thank you!

lawrence

We're facing a similar challenge on our end as well. The current process for generating Client API tokens is quite tedious, especially since each scope has to be selected manually. Compared to OAuth access tokens or token-based authentication—where all scopes are granted by default and permissions are based on the user's profile—the Client token approach feels inefficient and labor-intensive.

It would be ideal if Glean offered a way for individual users to generate, retrieve, and rotate their own API tokens on demand. A self-service model like this would remove the dependency on admins and greatly streamline access.

Internally, we’ve built a few services and sites that integrate with the Glean API to run queries based on user input. To respect access controls, we generate a Glean token on the backend using the authenticated user's email address, via token-based authentication tied into our identity services. This token is then used to interact with the Glean API.

We're also exploring whether to integrate this into our internal identity portal—so users could simply click a button to get their Glean token or call an internal API for it. One caveat we're factoring in is that these tokens only last two hours, which may impact usability for longer sessions or automation use cases

Getting Started

Events

Help Center

glean.com