Generate a Scoped Token for SCIM

JFrog Platform Administration Documentation


WebUI Changes implemented in Artifactory 7.38.x and above

Security is now called Authentication Providers. All the relevant text and images on this page have been updated to reflect this change.

To implement SCIM with any identity service, you need to generate an admin access token in the JFrog Platform and then use that token in the identity service setup. The actions granted to this token are system:identities:r,w,d, and the following rules apply:

  • Read, write, delete on users and groups only

  • It is not possible to regenerate another token

To generate a scoped token:

  1. In the JFrog Platform, navigate to Administration | Authentication Providers | SCIM.

    This displays the SCIM Configurations window.

    To connect an identity service with your JFrog Platform, you will need both the SCIM connector base URL and a generated token.

  2. Click the copy button next to the URL and paste it into the identity service's SCIM settings.

  3. Click the Generate Token button, then click the Copy Token button, and paste the token into the identity service's SCIM settings.

    Security Note

    The token can be revoked at any time via the same page. As with any other security token, it is recommended to revoke the token and recreate it occasionally for security reasons. The identity service configuration should be adjusted accordingly.

  4. Go to the identity service you will be using with SCIM and follow the steps for that tool. We have used Okta and Azure Active Directory (AD) to verify this capability:

  5. Go to the identity service (for example, Okta, Azure AD, etc.), and select the relevant provisioning.

  6. Set the provisioning details according to the tool that you use.
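
Before the token from step 3 is pasted into the identity service, its scope can be checked offline against the system:identities:r,w,d actions listed above. The following Python code is an added example, not part of the JFrog documentation or product; it assumes the token is a JWT that carries its scope in an `scp` claim, and the sample tokens in it are constructed.

```python
import base64
import json
import time

EXPECTED_SCOPE = "system:identities:r,w,d"  # scope stated on this page

def decode_claims(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature, or None."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return None
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return claims if isinstance(claims, dict) else None

def review_scim_token(token, now=None):
    """Return a list of findings; an empty list means the token looks as expected."""
    claims = decode_claims(token)
    if claims is None:
        return ["token is not a decodable JWT; scope cannot be checked offline"]
    findings = []
    scopes = str(claims.get("scp", "")).split()  # assumption: space-separated 'scp' claim
    if EXPECTED_SCOPE not in scopes:
        findings.append("expected scope %s is missing" % EXPECTED_SCOPE)
    extra = [s for s in scopes if s != EXPECTED_SCOPE]
    if extra:
        findings.append("unexpected extra scopes: " + ", ".join(extra))
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if exp is None:
        findings.append("no exp claim: token does not expire, rotate it on a schedule")
    elif not isinstance(exp, (int, float)) or exp <= now:
        findings.append("token is expired or exp is malformed")
    return findings

def constructed_token(claims):
    """Build an unsigned sample token for the demo (constructed, not a real JFrog token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    good = constructed_token({"scp": EXPECTED_SCOPE, "exp": 4102444800})
    broad = constructed_token({"scp": "applied-permissions/admin"})
    for name, tok in (("good", good), ("broad", broad)):
        print(name, review_scim_token(tok) or "OK")
```

The check only reads the claims and does not validate the signature, so it confirms what was issued, not that the token is authentic.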