Launching Organization Access Tokens for the Pulumi Service

Pulumi has introduced Organization Access Tokens to cater to the growing demand from enterprise clients for efficient management of automated workloads, such as CI/CD and Automation API, securely and collaboratively. Unlike Personal Access Tokens, which are tied to individual users and can cause issues when users leave an organization, these new tokens are linked to the organization itself and can be used without being associated with a specific user identity. This ensures continuity in automated processes and adheres to the principle of least privilege, reducing unnecessary access permissions. Organization Access Tokens offer write permissions to stacks and are particularly beneficial for enterprises using SSO/SAML/SCIM, as exemplified by the customer Fauna, who faced challenges with their previous user-based token system after integrating with Pulumi's SSO. The tokens, which can only be managed by Organization Admins, provide a one-time value upon creation and can be logged for security and auditing purposes, with detailed records of actions in the Audit Logs. This enhancement is available to Enterprise and Business Critical customers, as well as those on a trial version of Pulumi Service.