# Managing Scoped Organization Tokens *This feature is only available in the Team and Enterprise plans.* Scoped Organization Tokens are used to run analyses on your code. To do so, the `sonar.token` property is used. For more details see [Analysis parameters](/sonarqube-cloud/analyzing-source-code/analysis-parameters.md#authentication-to-the-server). You must be an organization admin to be able to retrieve and manage Scoped Organization Tokens. This section explains how to do this in the UI. You can also use the [Authentication domain API](https://api-docs.sonarsource.com/sonarqube-cloud/default/public-externalauthentication-0-0). ## About Scoped Organization Tokens Scoped Organization Tokens provide a secure way to manage non-user-specific authentication. Attached to an organization, they are created and managed by the organization admin who can revoke them anytime. Revoked tokens are automatically deleted. {% hint style="warning" %} Scope Organization Tokens are not yet supported with Azure DevOps service connections. {% endhint %} ### Security and scope Scoped Organization Tokens adhere to the principle of least privilege by defining their scope in two ways: * Project Access: You specify which projects within the organization the token can access. This can be a custom selection of existing projects, or you can grant access to all current and future projects. * Permissions: You define the specific permissions granted by the token. {% hint style="warning" %} Scope Organization Tokens can only be granted the Execute analysis permission. Support for additional permissions is planned for the near future. {% endhint %} ### Status and expiration You can define any expiry date for your Scoped Organization Token, or no expiration. The different token statuses are: * Active * About to expire (in less that 7 days) * Expired {% hint style="info" %} For security reasons, tokens without expiry date that have been inactive for 60 days will be automatically removed. {% endhint %} ### Management and identification Scoped Organization Tokens are identified through their `sqco_` prefix. SonarQube's S7791 rule can verify the non-disclosure of Scoped Organization Tokens within your code. ## Retrieving and viewing Scoped Organization Tokens 1. Retrieve your organization. See [Retrieving your organizations](/sonarqube-cloud/getting-started/viewing-organizations.md) for more details. 2. Go to **Scoped Organization Tokens**. The list of tokens is displayed.

3. In the list of tokens, locate the token you want to view and select the **Actions** menu at the end of the row. 4. In the menu, select **View details**. The token details are displayed as illustrated below.

## Creating a Scoped Organization Token 1. Retrieve your organization. See [Retrieving your organizations](/sonarqube-cloud/getting-started/viewing-organizations.md) for more details. 2. Go to **Scoped Organization Tokens**. 3. In the top right corner, select the **Create token** button.

4. Enter the token name and description. Choose a name that accurately represents the token purpose. 5. In **Expires in**, select the token lifetime or select **No expiration**. 6. In **Projects this token can access**, select the option you want to use, either a custom selection of projects or all projects within the organization.\ If you selected **Custom selection of projects**: 1. Select the **Select projects** button. The **Projects scope** dialog opens. 2. Select the projects to which the token will give access.as illustrated below. 3. Close the dialog. 7. Select the **Generate token** button. A message pops up to notify the successful token generation. 8. Immediately copy the generated token from the notification message. Once you’ve left the notification, you won’t be able to view the token value any more.

Select the copy tool located at the right of the generated token to copy and then paste the token.

12. You can now close the notification. ## Revoking a Scoped Organization Token When you revoke a Scoped Organization Token, it’s automatically deleted. To revoke a Scoped Organization Token: 1. Retrieve your token as described above in [#retrieving-and-viewing-scoped-organization-tokens](#retrieving-and-viewing-scoped-organization-tokens "mention"). 2. In the **Actions** menu, select **Revoke**. A confirmation dialog opens. 3. Confirm. The token disappears from the list of tokens. ## Modifying the scope of a Scoped Organization Token You can modify the custom list of projects to which a Scoped Organization Token gives access. {% hint style="warning" %} You cannot modify the scope of a Scoped Organization Token configured for all current and future projects. {% endhint %} To modify the custom scope of a Scoped Organization Token: 1. Retrieve your token as described above in [#retrieving-and-viewing-scoped-organization-tokens](#retrieving-and-viewing-scoped-organization-tokens "mention"). 2. In the **Actions** menu, select **View details**. 3. Select the **Edit projects** button. The **Projects scope** dialog opens. 4. Change the project selection. 5. Select **Close**. ## Related pages * [Web API](/sonarqube-cloud/appendices/web-api.md) ## Related online courses * [Creating scoped organization tokens in SonarQube Cloud](https://www.sonarsource.com/learn/course/sonarqube-cloud/86ad9781-cfb5-4c02-b141-1fe776843827/creating-scoped-organization-tokens-in-sonarqube-cloud) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/scoped-organization-tokens.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.