Skip to content
IntelliAuth

Bulk operations

When you need to apply the same action to many applications at once, the bulk-operations toolbar saves clicking through each. Five clicks for "disable all deprecated apps" instead of one click per app.

Activate bulk mode

Section titled “Activate bulk mode”

Application list → checkbox at the start of any row. Selecting one shows the bulk-action toolbar at the top of the list:

  • Disable selected
  • Enable selected
  • Delete selected (red, requires confirmation)
  • Tag selected (add a tag to all)
  • Untag selected (remove a tag from all)
  • Rotate secrets (only applicable when all selected are server-side / M2M)

Select multiple rows by checkbox click; select all rows in the current filter with the header checkbox.

A typical workflow

Section titled “A typical workflow”

You're decommissioning a discontinued product. Five applications belong to it. Plan:

  1. Tag each of the five with deprecated:product-name.
  2. Filter the list on the tag.
  3. Select all (one click).
  4. Disable bulk.
  5. Wait two weeks; monitor audit log for any failed oauth.token_request attempts. None? Good.
  6. Filter again, select all, delete bulk. Confirm.

The whole sequence is ~10 clicks across two visits. Without bulk, it's ~30 clicks each visit.

What's audit-logged

Section titled “What's audit-logged”

Bulk operations record one parent event ("bulk-disable applied to 5 applications") plus one child event per application (the individual state change). The parent has the actor + timestamp + the filter that produced the selection; each child carries the per-application before/after state.

The audit log shows both views — drill into the parent to see the children; click any child to see only that application's state change.

Per-id results

Section titled “Per-id results”

Bulk operations apply atomically per id (one application either succeeds or fails), but the bulk as a whole doesn't fail if one item does. If 4 of 5 disabled and 1 failed (e.g., locked by another admin's concurrent edit), the toast shows "4 disabled, 1 failed" with a link to the failed application's detail page.

This means a partial result is possible. Re-run the bulk action on the failed item alone, or fix the underlying issue and retry.

Rotate secrets in bulk

Section titled “Rotate secrets in bulk”

The platform supports bulk secret rotation across server-side / M2M applications. The catch: each rotation produces a new secret that you have to copy.

The UI handles this by showing the new secrets in a paginated modal — one application at a time. You copy each, click next, paste into your secret manager, repeat. Don't dismiss the modal until you've copied them all; the platform won't show them again.

For very large rotations (50+ apps), prefer scripting via the management API — the SDK can iterate + write straight to your secret manager without manual paste.

Bulk delete — the heavy operation

Section titled “Bulk delete — the heavy operation”

Delete is irreversible. The modal asks you to type delete to confirm; the audit log records who deleted what + when.

After deletion:

  • Each application's client_id is permanently retired. Never reissued.
  • Tokens already issued by deleted apps expire on their own; no immediate revocation.
  • The audit log entries about the deleted apps remain (per the tenant's retention policy).

Only bulk-delete things you're certain are safe to remove. If unsure, bulk-disable first; come back next quarter and clean up.