Generate an Admin Access Token
To implement SCIM with any authentication tool, you will need to generate an admin access token in the JFrog Platform, and then use that token in the authentication tool setup.
- In the JFrog Platform, create an admin token by navigating to Admin | Identity and Access | Access Tokens.
- Click +Generate Admin Token.
This displays the Generate Admin Token dialog.
- In the Select Service field, select Artifactory.
- In the Set token expiry field, select Never Expires.
- Click Generate
Copy the generated token.
The token can be revoked at any time via the same page. As with any other security token, it is recommended to revoke the token and recreate it occasionally for security reasons. The authentication tool configuration should be adjusted accordingly.
- Go to the authentication tool you will be using with SCIM and follow the steps for that tool.
The JFrog SCIM implementation currently supports the following scenarios.
Disabling and Re-Enabling Users Using SCIM
Using SCIM, you can disable and re-enable users in the JFrog Platform.
- Go to the identity provider tool (Okta, Azure Active Directory, etc.), and select the relevant provisioning. If the SCIM option does not appear, refer to the relevant documentation for additional information (Okta, Azure).
- In the Provisioning section, set the following details according to the tool. The steps below are examples of the tools you can use.
- Go to the Provisioning tab.
- Set the options Update User Attributes and the Deactivate Users to the To App settings.
- Go to the Integration page.
- Set the SCIM connector base URL to:
In the Unique identifier field for users, enter userName.
- In the Supported provisioning actions field, select the option Push Profile Updates.
- From the Authentication Mode dropdown, select HTTP Header and then paste the admin token you created in the JFrog Platform (see Generate an Admin Access Token).
For more information, refer to the Okta tutorial how to configure the SCIM application.
- Navigate to Provisioning | Getting started | Automatic.
- Enter the Tenant URL:
- In the Secret Token field, enter the admin access token from your JFrog Platform.
- Click Test Connection and wait for the message that confirms that the credentials are authorized to enable provisioning.
- Click Save.
- Turn on Provisioning Status, and click Save again.
For more information, refer to the Azure AD tutorial on how to configure the SCIM application.
The application's assignments will now be synchronized with the Access database per each disable/re-enable of a user.