Skip to main content
Version: v4.18

Embed the Cyral access tokens button into your website

Cyral offers an embeddable button to give data users quick access to their Cyral access tokens that can be used for database authentication. To enable this feature, your web team must embed the button on an access portal page or similar web page accessible to your data users.

About the access tokens button

Clicking the Cyral access tokens button opens a Cyral login window as a popup. If the user has already authenticated, a popup window displays a table listing all existing access tokens. Users can manage their existing tokens and create new ones for authenticating to databases through familiar routes like the command line or a query tool.

For more information about access token management, see Manage Access Tokens.

Embed the access tokens button

To embed the Cyral access tokens button on a web page, add the following code to the page:

<button id="CyralTokenButton">
${BUTTON_TEXT}
</button>
<script>
document.getElementById('CyralTokenButton').addEventListener('click', () => {
window.open(
'${CONTROL_PLANE_URL}/app/token?minimized=true&idp=${IDP_APP_NAME}',
'CyralTokenMinimizedWindow',
'width=400,height=263,menubar=no,toolbar=no'
)
})

There are a two values you must provide in your button code, and an optional IDP_APP_NAME value you can include:

  • BUTTON_TEXT is required. This is the display text that will appear on the button, e.g. "Manage Access Tokens".

  • CONTROL_PLANE_URL is required. This is the URL of the Cyral control plane that will provide the popup when the user clicks the button.

  • IDP_APP_NAME is optional. If your Cyral installation uses more than one identity provider ("IdP"), but you want this button to provide tokens from only one IdP, you can specify that IdP here.

    By specifying the IdP, you allow your user to bypass Cyral's IdP selector screen, shown here:

    Provide the IDP_APP_NAME in the format explained on the SSO setup page.

    Specifying the IDP_APP_NAME is useful when you're embedding the button on a page that already requires login via the same IDP. In this case, the user will not be required to re-login after clicking the button; they can immediately manage their Cyral access tokens.