Create personal access token request for organization

3

15

I've set up the access token strategy for a GitHub organization so that access tokens require admin approval. As the picture below says: "All access requests by organization members to this organization must be approved before the token is usable."

However, I cannot find anywhere that such a request can be made.

We have a bot account that's supposed to post issues on one of the organization's private repositories. When creating a personal access token (fine grained) for the bot account, no such request is being made (and no access is given) and there is no option to pick a repository from the organization or something along those lines.

So how do you send a request for access token permission to an organization?

GitHub UI

Infirmity answered 7/1, 2023 at 22:49 Comment(0)
19

The process for Personal Access Tokens (PAT) permission to a GitHub organization is like this:

  1. Enable PATs in the Organization's (not your personal!) Settings, at .../settings/personal-access-tokens-onboarding (or modify them on ../settings/personal-access-tokens)

  2. Go to Account settings > Developer settings > Fine-grained tokens. For an Org, you must use YOUR (or the Bot's, not the Org's!) Settings, and change the Resource owner from you to the Org on this screen.

  3. The Org's .../settings/personal-access-token-requests should now show the request to approve.

  4. If you create a PAT for an Org Owner, it's directly granted, and shows up on the Org's .../settings/personal-access-tokens/active

Sumptuary answered 1/11, 2023 at 22:29 Comment(3)
This was exactly what I needed. I'm surprised the documentation is not clear on this action. – Rani
Yeah, thanks for this, the process is extremely unclear from the documentation. – Lewd
Adding a screenshot would be better and easier to notice. – Syncope
4

So how do you send a request for access token permission to an organization?

It seems to be done automatically, according to the documentation:

When organization members create a fine-grained personal access token to access resources owned by the organization, if the organization requires approval for fine-grained personal access tokens, then an organization owner must approve the token before it can be used to access any resources that are not public.
For more information, see "Setting a personal access token policy for your organization."

GitHub will notify organization owners with a daily email about all fine-grained personal access tokens that are awaiting approval.

When a token is denied or approved, the user who created the token will receive an email notification.

Check first if an email is received (assuming the email associated with your bot is accessible).

Knitwear answered 8/1, 2023 at 2:57 Comment(3)
I've received no such notification, so maybe I did something wrong or GitHub's system has an issue. It's in beta after all. – Infirmity
@Infirmity Possible. But do you have access to the email associated with the bot account? – Knitwear
Yeah, although the email should be sent to the organization owner and not the bot account, none of those received an email notification. Anyway, I ended up using the classic version of the token to get it to work (instead of the fine-grained one), without administration approval. This might stay a mystery. – Infirmity
1

The point: select the Resource owner.

First, generate the token in your profile, which must have access to generate tokens or be the owner of the organization:

Settings > Developer settings (at the bottom) > Personal access tokens > Fine-grained tokens > Generate new token

Then the important point: change the Resource owner and select your organization.

To open that page directly, visit this URL:

https://github.com/settings/personal-access-tokens/new

Here, select the repositories the token will have access to (an optional step, but it shows the organization's repositories; if you selected your profile, you will see only your profile's repositories).

Please note: you can disable requests for generating tokens, which allows tokens to be generated without waiting for approval, so no request approval is needed.

Also, to be able to clone the repo, you have to set the content permission to read and write for this token.

Finally, to clone the repo using your generated private token, use this command and update the variables (Linux):

sudo git clone https://[token]@github.com/[org-name]/repository.git


You can manage your organization settings to see the organization's token requests, or allow tokens to be generated directly without permission from an admin, based on your org's rules.

Here, in your profile settings, you can switch to your organization's settings.

To see pending token requests, select pending requests from the organization settings menu.

From the organization settings you can also manage the permissions for working with tokens.

You can go directly to that settings page using this URL; make sure to update it with your organization name:

https://github.com/organizations/[org-name]/settings/personal-access-tokens

Syncope answered 28/4 at 6:43 Comment(0)
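
A clone URL of the form used in the answer above stores the token in the clone's `.git/config` as `remote.origin.url` and leaves it in shell history. The following is an added example, not part of any answer on this page: it clones with the token supplied through an inline git credential helper and scrubs a token from an existing clone's remote URL. The function names and the `GITHUB_USER` / `GITHUB_TOKEN` variables are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the GITHUB_USER / GITHUB_TOKEN
# environment variables are assumptions, not taken from the page.

# Print a remote URL with any "user[:password]@" userinfo removed.
strip_url_credentials() {
    printf '%s\n' "$1" | sed -E 's#^(https?://)[^/@]*@#\1#'
}

# Succeed if the URL carries credentials in its userinfo part.
url_has_credentials() {
    [ "$(strip_url_credentials "$1")" != "$1" ]
}

# Clone without putting the token in the URL. The helper string is
# single-quoted, so the token is expanded only inside the helper that
# git spawns and never appears in git's arguments or in .git/config.
# usage: clone_with_token ORG REPO   (GITHUB_USER = bot account login)
clone_with_token() {
    : "${GITHUB_USER:?set GITHUB_USER to the token owner login}"
    : "${GITHUB_TOKEN:?set GITHUB_TOKEN to the approved token}"
    GITHUB_USER="$GITHUB_USER" GITHUB_TOKEN="$GITHUB_TOKEN" \
    git -c credential.helper= \
        -c 'credential.helper=!f() { echo "username=$GITHUB_USER"; echo "password=$GITHUB_TOKEN"; }; f' \
        clone "https://github.com/$1/$2.git"
}

# Rewrite origin of an existing clone if its URL embeds a token.
# usage: scrub_origin /path/to/clone
scrub_origin() {
    url=$(git -C "$1" remote get-url origin) || return 1
    if url_has_credentials "$url"; then
        git -C "$1" remote set-url origin "$(strip_url_credentials "$url")"
        echo "removed credentials from origin in $1; revoke and reissue that token"
    fi
}
```

A token that was already written into a remote URL should be treated as exposed and replaced, since the old value may also sit in shell history and backups.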
