Generating an Admin Access Token
To implement SCIM with any identity service, you will need to generate an admin access token in the JFrog Platform, and then use that token in the identity service setup.
- In the JFrog Platform, create an admin token by navigating to Admin | Identity and Access | Access Tokens.
- Click +Generate Admin Token.
This displays the Generate Admin Token dialog.
- In the Select Service field, select Artifactory.
- In the Set token expiry field, select Never Expires.
- Click Generate
Copy the generated token.
The token can be revoked at any time via the same page. As with any other security token, it is recommended to revoke the token and recreate it occasionally for security reasons. The identity service configuration should be adjusted accordingly.
- Go to the identity service you will be using with SCIM and follow the steps for that tool. We have used Okta and Azure Active Directory (AD) to verify this capability:
- Go to the identity service (for example, Okta, Azure AD, etc.), and select the relevant provisioning.
- In the Provisioning section, set the following details according to the tool. The steps below are examples of the tools you can use.
- Go to the Provisioning tab.
- Set the options Create Users, Update User Attributes, and Deactivate Users to the To App settings.
- Go to the Integration page.
- Set the SCIM connector base URL to:
In the Unique identifier field for users, enter the userName.
- In the Supported provisioning actions field, select all of the following options:
- Import New Users and Profile Updates
- Push New Users
- Push Profile Updates
- Push Group.
- From the Authentication Mode dropdown, select HTTP Header and then paste the admin token you created in the JFrog Platform (see Generate an Admin Access Token).
For more information, refer to the Okta tutorial how to configure the SCIM application.
Follow these guidelines by specifying :
- Tenant URL:
- Secret: Enter the admin access token from your JFrog Platform