In pre-2.16 versions of Cyral, users cannot see the Get Tokens page, by default. Here's how to grant them access to the page
Summary: If your users cannot see the Your Access Token button, then you must map their SSO group to a Cyral role as explained below.
In Cyral, a person's username or group membership determines what capabilities they will have in the Cyral service, such as the ability to find a repository and get an access token, or the ability to manage other repository users.
Most installations give repository users access to the Your Access Token button by default. If yours does not, then follow these steps to enable your data users to use Cyral to find repositories and get tokens to connect to them:
In the Cyral management console, click Account Users at the lower left corner.
Click Manage Roles in the upper right.
Click the name of the role you use for repository users. This role should have the right to View Sidecars and Repositories. Typically, this is the User role, but it may be called DBuser in your environment.
In the Edit Role window, make sure your users' SSO Group has an entry in the Map SSO groups to this role list. If there's no entry for the group to which your users belong, click Add New Mapping to add it now. A common practice in Okta environments is to add a mapping like the following, where you'll replace
Oktawith the name you gave to your Okta integration in Cyral.
SSO GROUP NAME IDENTITY PROVIDER Everyone Okta