Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >



Your profile page is used to manage the following aspects of your user profile:

To display your profile page, click your login name on the top right-hand corner of the page.

Page Contents

Viewing the Profile 

To display your profile page, click your login name on the top right-hand corner of the screen.

Unlocking Your Profile

To edit your profile, you first need to unlock it by entering your current password and clicking Unlock.

Once unlocked, you can modify all the elements of your user profile.

Be sure to click Save to save any changes to your profile.

Using external authentication

 If you are using an external authentication server (such as OAuth SSO, or SAML SSO ), you can ask your administrator to give you access to your API key, and SSH public key without having to unlock your profile.

Changing your Personal Settings

 Personal settings include your Artifactory API Key, password and email address.

A user can update their profile details (except for the password. Only an administrator can update the password) when the Can Update Profile field is enabled for the user.

Note that there may be cases in which you want to leave this unset to prevent users from updating their profile. For example, a departmental user with a single password shared between all department members.

You are not able to change your password if the system is configured to use external authentication such as LDAP.  For example, if users from LDAP are not created internally (i.e. Administration | Security | LDAP | LDAP Settings and the Create Internal Users is disabled.


Artifactory allows authentication for REST API calls using your API key as an alternative to your username and password in two ways: either by using the X-JFrog-Art-API header with which you can specify an API key , or through basic authentication using your username and API key (instead of your password). For more details, refer to the REST API Documentation.

Artifactory version

To use your API key for authentication, it must be generated using Artifactory 4.4.3 or later. If generated prior to 4.4.3, you must regenerate your API key and use the new key as a password for basic authentication.

Creating an API Key

To create an API Key, once you have unlocked your profile, click the Generate button next to the API Key field.

Revoking or Regenerating an API Key

Once an API Key is created, it is displayed, masked, in the corresponding field. Click the View icon to see the API Key in clear-text, or the Copy icon to copy the API Key to the clipboard.

To revoke the current API Key, click Revoke API Key. Note that any REST API calls using the current API key for authentication will no longer be valid.

You may revoke the current API Key and create a new one in a single action by clicking Regenerate. Any REST API calls using the current API key for authentication will no longer be valid, until you replace the API Key with the new one you just generated.


The following REST API endpoints are available with regard to API Keys:

Create API Key
Create an API key for the current user.
Get API Key
Get the current user's own API key.
Revoke API Key
Revokes the current user's API key.
Revoke User API Key
Revokes the API key of another user (requires Admin privileges).
Revoke All API Keys
Revokes all API keys currently defined in the system (requires Admin privileges).

Identity Token 

The user profile enables users to generate identity tokens. Any user can create a user identity token for themselves via the UI. Identity tokens are scoped tokens, which means that they provide limited and focused permissions, making them more secure and, therefore, preferable to API keys. In addition, when a user is deleted/disabled, their tokens are also revoked. For more information, see Access Tokens.

  1. To generate the token, click Generate an Identity Token.

    This opens the Generate Identity Token window with the new token.
  2. Click Copy to copy the token.

Revoking the Identity Token

Currently identity tokens can only be revoked through the Revoke Token API.

Changing Your Password and Email

Once your profile is unlocked, Artifactory displays your password in an encrypted format that can be used whenever you need to provide your password in an environment that is not secure. For example, when making REST API calls over HTTP.

The encrypted password is initially masked, but you may click the View icon to view the encrypted password in clear-text. You may also click the Copy icon to copy the encrypted password to the clipboard.

To change your Artifactory password, enter your new password and verify it.

You can also modify your email address.

For more information about using secured passwords with your profile, please refer to Centrally Secure Passwords.

Password Reminder

If you forget your password, on the Artifactory Login dialog, select Forgot Password, and enter your username in the following dialog that is displayed.

When you click Submit, the system will send a message to the email address configured for your user account, with a link you can click on to reset your password.


Artifactory supports authentication via SSH for the Git LFS client and the  JFrog CLI.

To be authenticated via SSH, you need to enter your SSH public key in the SSH Public Key (RSA) field.

Binding OAuth Accounts

Artifactory is integrated with OAuth allowing you to log in through your account with one of the configured OAuth providers. To do so, you need to bind your OAuth account to your Artifactory user by clicking Click to bind next to the corresponding OAuth provider. For more details, please refer to OAuth SSO Integration

OAuth user binding

Copyright © 2022 JFrog Ltd.