The Administration page exposes tenant-wide settings. Today it controls the personal access token expiry policy — whether tokens get an automatic expiry date when they’re minted, and how many days they last.
Who can access this page
Only users with the admin role on the connector see the Administration item in the left navigation. Regular users won’t notice the page exists.
The token expiry policy #
Open Administration. The Token Expiry Policy panel has two controls:
- Automatic expiry — a switch. When On, every newly minted token gets an expiry date N days from creation. When Off, tokens are No expiry and only stop working when explicitly revoked.
- Lifetime (days) — the number of days for the automatic expiry. Only shown when the switch is On.
Save changes #
Change either control and the Apply button enables. Select it to commit the new policy.
Existing tokens are not affected. The expiry policy applies only to tokens minted after the change. Existing tokens keep the expiry they were assigned at creation (or stay non-expiring if they were minted under an Off policy).
Choosing a policy #
- A short lifetime (30-90 days) is safer if tokens might leak — but everyone has to rotate the credentials in Power BI before each expiry.
- A long lifetime (365+ days) reduces rotation friction but increases the blast radius of a leaked token. Pair it with disciplined use of token labels and prompt revocation when a laptop changes hands.
- Off (no expiry) is appropriate only for tightly controlled environments where the connector users are a small, audited set.
Related #
- Manage access tokens
- View activity history — every token issuance and revocation is logged.
