Support Authentication for Non-existing Users

JFrog Platform Administration Documentation


One of the big advantages of access tokens is the fact that you can check authorization based on a group in Artifactory, rather than on a user. When creating a group token, Artifactory will authorize with the group's permissions and that authorization will only exist as long as the token is valid. This can be useful when providing access to different tools such as a CI server coordinating a build without having to manage fake user accounts. This method is also more secure since you can assign a new token for each "job" that the external tool runs.

Artifactory Administrator Only

Note that this feature is only available for Artifactory administrators, since non-admin users can only create tokens with themselves as the Subject.

You can create a group scoped token that can be used when you want to authenticate without creating or using a specific user. The group privileges apply to the group scoped token.

To create a group scoped token using the Platform UI, see Creating a Group Scoped Token.

Alternatively, you can create a group token using the Create Token REST API where the scope is as follows:Create Token


If there are multiple groups, the groups are separated by commas and use quotes, as in the following examples:


Usage Example

curl -H "Authorization: Bearer $TOKEN" -XPOST "http://artifactory-up:8082/access/api/v1/tokens" -d  '{"description" : "test", "scope" : "applied-permissions/groups:group_1,group_2", "include_reference_token" : "true", "refreshable" : "true"}' -H "Content-type: application/json"