Home
Managing security
HCL Launch uses a flexible team-based and role-based security model that maps to your organizational structure.
Tokens
Tokens provide authorization for agents, agent relays, users, and external systems or applications from the server. Agents use tokens when they run process steps and communicate with the HCL Launch server and external services.
Token expiration settings
Tokens provide authorization for agents, agent relays, users, and external systems or applications from the server. Agents use tokens when they run process steps and communicate with the HCL Launch server and external services. In the Security settings area, you can set time limits for four tokens types.

Managing security
HCL Launch uses a flexible team-based and role-based security model that maps to your organizational structure.
- Guidelines for setting up server security
  Although there is no single best way to set up security for the server, the following steps are sufficient in most cases.
- SSL configuration
  With Secure Sockets Layer (SSL) technology, clients and servers can communicate securely by encrypting all communications. Data is encrypted before it is sent and decrypted by the recipient. This communication cannot be deciphered or modified by third-parties. In addition to encryption, SSL can also support authentication.
- Authorization realms
  Use the Authorization Realms pane to create authorization realms and user groups for the server. Groups can be imported from external systems, such as LDAP.
- Authentication realms
  Authentication realms manage users and determine user identity within authorization realms for the server.
- Roles and permissions
  A role is a list of permissions that users have on the HCL Launch server. These permissions include the ability to create, edit, and delete objects, such as applications, environments, and components. The permission also includes the parts of the server interface that users can access.
- Security teams
  Users and groups on the server are assigned roles when they are added to teams.
- Security types
  Security types define categories of objects on the server. You can put all objects into a single category, or you can put them in separate categories and give roles different access rights to different categories.
- Tokens
  Tokens provide authorization for agents, agent relays, users, and external systems or applications from the server. Agents use tokens when they run process steps and communicate with the HCL Launch server and external services.
  - Restricting authentication tokens
    Limit authentication token actions by applying token restrictions to process plug-in steps.
  - Token expiration settings
    Tokens provide authorization for agents, agent relays, users, and external systems or applications from the server. Agents use tokens when they run process steps and communicate with the HCL Launch server and external services. In the Security settings area, you can set time limits for four tokens types.
  - Updating the agent relay authentication token password
    The authentication token password for the agent relay is specified during installation of the agent relay. You can update the authentication token and provide a password for the token by updating the agent relay properties file.
- Checking and resetting the API key and certificate for agents
  You can view the API key of an agent and reset the key.

Token expiration settings

Tokens provide authorization for agents, agent relays, users, and external systems or applications from the server. Agents use tokens when they run process steps and communicate with the HCL Launch server and external services. In the Security settings area, you can set time limits for four tokens types. Two tokens types work with plug-ins that enable discovering and applying configurations. The third type is used when component versions are automatically imported. You can set the how much time elapses before the token expires and if you want to use the default auth token restrictions.

The tokens are generated automatically when the steps are run. The first three tokens use the built-in UC Auto Configure, UC Auto Discovery, and UC Version Import users and their permissions. The plug-in token has the permissions of the user who requests the process that plug-in runs from. These tokens are the same as those that you can create in the user interface and a command-line interface. See Tokens. Go to the HCL Plug-ins website to access plug-ins that work with HCL Launch and provide steps that create these tokens.

To access the Security settings area, click Settings, click System Settings, and then scroll down.

You can specify these expiration delays for tokens:

Discovery Auth Token Expiration Delay (seconds): Set the expiration delay in seconds for authorization tokens that are created for autodiscovery steps. You must specify at least 300 seconds. Typically, discoveries do not require more than 300 seconds (5 minutes).
Configure Auth Token Expiration Delay (seconds): Set the expiration delay in seconds for authorization tokens that are created for auto configuration steps. You must specify at least 300 seconds. Be sure to specify sufficient time for auto configuration, because the step processes stop when the token expires.
Version Import Auth Token Expiration Delay (seconds): Set the expiration delay in seconds for authorization tokens that are created for version import steps. You must specify at least 300 seconds. The time required to import versions depends on component size.
Plugin Step Auth Token Expiration Delay (seconds): Set the expiration delay in seconds for authorization tokens that are created for plug-in steps. You must specify at least 300 seconds. The time required to import versions depends on component size.