---
title: "Access tokens and policies | Grafana Labs"
description: "Understanding how collectors authenticate with Fleet Management"
---

> For a curated documentation index, see [llms.txt](/llms.txt). For the complete documentation index, see [llms-full.txt](/llms-full.txt).

## Access tokens

**Access tokens** allow collectors to authenticate with Fleet Management. You’ll create one and add it to your collector configuration.

## How it works

| Concept           | What it is                                      |
|-------------------|-------------------------------------------------|
| **Access policy** | Defines what read/write permissions a token has |
| **Access token**  | The credential generated from a policy          |

## Required scopes

| Scope                  | Purpose                                                                                  |
|------------------------|------------------------------------------------------------------------------------------|
| `set:alloy-data-write` | Lets Alloy collectors register, report health, and receive remote configurations         |
| `set:otel-data-write`  | Lets OpenTelemetry collectors register, report health, and receive remote configurations |

## Where the token goes

![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```none
remotecfg {
    url = "https://fleet-management-<CLUSTER>.grafana.net/"
    basic_auth {
        username = "<INSTANCE_ID>"
        password = "<YOUR_ACCESS_TOKEN>"  // ← token goes here
    }
}
```

> In the learning path, you’ll create an access token and use it to register your Alloy collector.