Ability to restrict access to "Remote Access API" token generation for users


Is there a way to disable "Remote Access API" token generation for users, or restrict it for some users?

Having the token provides the ability/possibility for the users to share/leak their credentials with others and bypass any SSO requirement.

So users should not be sharing credentials, which means sharing an identity in the system. The issue with the tokens is that they are usually used in scripts, so they are prone to getting leaked, shared, or even committed to code. My plan is to ban the ability to generate tokens and only create some local Jenkins users with limited access to perform the action required, rather than allowing all users with different levels of access to generate tokens and create a possibility for someone to get impersonated.

Assignee: Unassigned
Reporter: Mohsen Sarmadi
Archiver: Jenkins Service Account

Created:
Updated:
Archived: