Organization admins now have greater control over how personal access tokens are used within their organizations.

• De-authorize tokens: Admins can now de-authorize personal access tokens created by users in their organization.
• Enforce manual authorization: Admins can require users to manually authorize their tokens against the organization before use.
• For token issuers: When manual authorization is enforced, users creating tokens will need to explicitly authorize them to gain organization access.

These controls help organizations prevent unauthorized token use and strengthen overall security without disrupting existing workflows. Learn more about managing and authorizing tokens in our documentation