Create a management token
Use the Admin UI or the influxctl management create command
to manually create a management token.
By default, management tokens are short-lived tokens issued by an OAuth2 identity provider that grant a specific user administrative access to your InfluxDB Cloud Dedicated cluster. However, for automation purposes, you can manually create management tokens that authenticate directly with your InfluxDB cluster and do not require human interaction with your identity provider.
For automation use cases only
The tools outlined below are meant for automation use cases and should not be used to circumvent your identity provider. Take great care when manually creating and using management tokens.
InfluxDB Cloud Dedicated requires that at least one user associated with your cluster and authorized through your OAuth2 identity provider to manually create a management token.
The InfluxDB Cloud Dedicated administrative UI includes a portal for creating and managing management tokens.
To access the InfluxDB Cloud Dedicated Admin UI, visit the following URL in your browser:
https://console.influxdata.com
Use the credentials provided by InfluxData to log into the Admin UI. If you don’t have login credentials, contact InfluxData support.
Click the Management Tokens button in the upper right corner of the Account Management portal.
In the Management Tokens portal, click the New Management Token button. The Create Management Token dialog displays.
You can optionally set the following fields:
- Expiration date: Set an expiration date for the token
- Expiration time: Set an expiration time for the token
- Description: Enter a description for the token
- If an expiration isn’t set, the token does not expire until revoked.
Click the Create Token button. The dialog displays the Token secret string and the description you provided.
If you haven’t already, download and install the
influxctlCLI.Use the
influxctl management createcommand to manually create a management token. Provide the following:- Optional: the
--expires-atflag with an RFC3339 date string that defines the token expiration date and time–for example,<span class="current-date nowrap" offset="1" trim-time="false">2025-10-12T00:00:00Z</span>. If an expiration isn’t set, the token does not expire until revoked. - Optional: the
--descriptionflag with a description for the management token in double quotes"".
- Optional: the
influxctl management create \
--expires-at RFC3339_EXPIRATION \
--description "TOKEN_DESCRIPTION"Replace the following:
RFC3339_EXPIRATION: An RFC3339 date string to expire the token at–for example,<span class="current-date nowrap" offset="1" trim-time="false">2025-10-12T00:00:00Z</span>.TOKEN_DESCRIPTION: Management token description.
Once created, the command returns the management token string.
Store secure tokens in a secret store
Management token strings are returned only on token creation. We recommend storing database tokens in a secure secret store. For example, see how to [authenticate Telegraf using tokens in your OS secret store](https://github.com/influxdata/> telegraf/tree/master/plugins/secretstores/os).
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB Cloud Dedicated and this documentation. To find support, use the following resources:
Customers with an annual or support contract can contact InfluxData Support.