docs: api tokens are managed by idm_admin (#2072)

Confirmed with: - test on local server - https://github.com/kanidm/kanidm/issues/1480
2025-05-22 00:43:54 +02:00 · 2023-09-04 13:40:59 +02:00 · 2023-09-04 13:40:59 +02:00 · acce84edd5
parent bea9af0b96
commit acce84edd5
1 changed files with 10 additions and 10 deletions
--- a/book/src/accounts_and_groups.md
+++ b/book/src/accounts_and_groups.md
@ -138,17 +138,17 @@ and other auditing information attached.
 To show api tokens for a service account:

 ```bash
-kanidm service-account api-token status --name admin ACCOUNT_ID
-kanidm service-account api-token status --name admin demo_service
+kanidm service-account api-token status --name idm_admin ACCOUNT_ID
+kanidm service-account api-token status --name idm_admin demo_service
 ```

 By default api tokens are issued to be "read only", so they are unable to make changes on behalf of
 the service account they represent. To generate a new read only api token:

 ```bash
-kanidm service-account api-token generate --name admin ACCOUNT_ID LABEL [EXPIRY]
-kanidm service-account api-token generate --name admin demo_service "Test Token"
-kanidm service-account api-token generate --name admin demo_service "Test Token" 2020-09-25T11:22:02+10:00
+kanidm service-account api-token generate --name idm_admin ACCOUNT_ID LABEL [EXPIRY]
+kanidm service-account api-token generate --name idm_admin demo_service "Test Token"
+kanidm service-account api-token generate --name idm_admin demo_service "Test Token" 2020-09-25T11:22:02+10:00
 ```

 If you wish to issue a token that is able to make changes on behalf of the service account, you must
@ -156,17 +156,17 @@ add the "--rw" flag during the generate command. It is recommended you only add
 api-token is performing writes to Kanidm.

 ```bash
-kanidm service-account api-token generate --name admin ACCOUNT_ID LABEL [EXPIRY] --rw
-kanidm service-account api-token generate --name admin demo_service "Test Token" --rw
-kanidm service-account api-token generate --name admin demo_service "Test Token" 2020-09-25T11:22:02+10:00 --rw
+kanidm service-account api-token generate --name idm_admin ACCOUNT_ID LABEL [EXPIRY] --rw
+kanidm service-account api-token generate --name idm_admin demo_service "Test Token" --rw
+kanidm service-account api-token generate --name idm_admin demo_service "Test Token" 2020-09-25T11:22:02+10:00 --rw
 ```

 To destroy (revoke) an api token you will need it's token id. This can be shown with the "status"
 command.

 ```bash
-kanidm service-account api-token destroy --name admin ACCOUNT_ID TOKEN_ID
-kanidm service-account api-token destroy --name admin demo_service 4de2a4e9-e06a-4c5e-8a1b-33f4e7dd5dc7
+kanidm service-account api-token destroy --name idm_admin ACCOUNT_ID TOKEN_ID
+kanidm service-account api-token destroy --name idm_admin demo_service 4de2a4e9-e06a-4c5e-8a1b-33f4e7dd5dc7
 ```

 Api tokens can also be used to gain extended search permissions with LDAP. To do this you can bind