Add latest changes from gitlab-org/gitlab@13-4-stable-ee

1 files changed, 17 insertions, 2 deletions

diff --git a/doc/user/admin_area/credentials_inventory.md b/doc/user/admin_area/credentials_inventory.md
index 9259c93cfa3..7f2d49dafea 100644
--- a/doc/user/admin_area/credentials_inventory.md
+++ b/doc/user/admin_area/credentials_inventory.md
@@ -13,7 +13,7 @@ type: howto
 
 GitLab administrators are responsible for the overall security of their instance. To assist, GitLab provides a Credentials inventory to keep track of all the credentials that can be used to access their self-managed instance.
 
-Using Credentials inventory, GitLab administrators can see all the personal access tokens and SSH keys that exist in their instance and:
+Using Credentials inventory, you can see all the personal access tokens (PAT) and SSH keys that exist in your GitLab instance. In addition, you can [revoke them](#revoke-a-users-personal-access-token) and see:
 
 - Who they belong to.
 - Their access scope.
@@ -25,4 +25,19 @@ To access the Credentials inventory, navigate to **Admin Area > Credentials**.
 
 The following is an example of the Credentials inventory page:
 
-![Credentials inventory page](img/credentials_inventory_v13_2.png)
+![Credentials inventory page](img/credentials_inventory_v13_4.png)
+
+## Revoke a user's personal access token
+
+[Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214811) in GitLab 13.4.
+
+If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table:
+
+| Token state | [Token expiry enforced?](settings/account_and_limit_settings.md#optional-enforcement-of-personal-access-token-expiry) | Show Revoke button? | Comments |
+|-------------|------------------------|--------------------|----------------------------------------------------------------------------|
+| Active      | Yes                    | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |
+| Active      | No                     | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |
+| Expired     | Yes                    | No                 | PAT expires automatically                                                  |                                      
+| Expired     | No                     | Yes                | The administrator may revoke the PAT to prevent indefinite use             | 
+| Revoked     | Yes                    | No                 | Not applicable; token is already revoked                                   | 
+| Revoked     | No                     | No                 | Not applicable; token is already revoked                                   |