When downloading a local atom from Boomi platform, there is a security options section which allows you to generate a token and define how long it valid for (minimum 30 minutes and maximum 24 hours).
This is particularly helpful and a good practice to follow whenever you need to install a Boomi atom onto a server.
Here is one scenario to share how this would work:
A Boomi Administrator (Person A) is seeking help from a Server Administrator (Person B) to install an atom onto one of their managed servers. As a Boomi Admin, it would be troublesome to share your Boomi credential with the Server Admin just to get past the authorization check required during the atom installation process. In this case, the Boomi Admin/User (who has permission) can generate a token, then just share the token with the Server Admin. The limited validity of the token comes in handy in this (and other examples) as there is security in knowing the token will expire (in a set period of time) if leaked to any Tom, Dick and Harry.
With the token, it also skips the step where the Server admin needs to select the specific Boomi account which he/she needs to install the atom for. This is particularly confusing if the Boomi user has access to more than multiple Boomi accounts (i.e. sub-account).
Check out step 4 in this article to familiarise yourself with the security option while downloading an atom.