Managing Scoped Organization Tokens
Scoped Organization Tokens provide a secure way to manage non-user-specific authentication.
Scoped Organization Tokens are available starting in Team plan.
Scoped Organization Tokens are used to run analyses on your code. To do so, the sonar.token property is used. For more details see Analysis parameters.
You must be an organization admin to be able to retrieve and manage Scoped Organization Tokens. This section explains how to do this in the UI. You can also use the Authentication domain API.
About Scoped Organization Tokens
Scoped Organization Tokens provide a secure way to manage non-user-specific authentication. Attached to an organization, they are created and managed by the organization admin who can revoke them anytime. Revoked tokens are automatically deleted.
Scoped Organization Tokens comply with the principle of least privilege through its scope definition:
You define the projects within the organization to which the token gives access. You can limit the access to a custom selection of existing projects or select all current and future projects.
You define the permissions granted by the token. Currently, you can only grant the Execute analysis permission but other permissions will be supported soon.
You can define any expiry date for your Scoped Organization Token, or no expiration. The different token statuses are:
Active
About to expire (in less that 7 days)
Expired
Retrieving and viewing Scoped Organization Tokens
Retrieve your organization. See Retrieving your organizations for more details.
Go to Administration > Scoped Organization Tokens. The list of tokens is displayed as illustrated below.
In the list of tokens, locate the token you want to view and select the Actions menu at the end of the row.
In the menu, select View details. The token details are displayed as illustrated below.
Creating a Scoped Organization Token
Retrieve your organization. See Retrieving your organizations for more details.
Go to Administration > Scoped Organization Tokens.
In the top right corner, select the Create token button.
Enter the token name and description. Choose a name that accurately represents the token purpose.
In Expires in, select the token lifetime or select No expiration.
In Projects this token can access, select the option you want to use, either a custom selection of projects or all projects within the organization. If you selected Custom selection of projects:
Select the Select projects button. The Projects scope dialog opens.
Select the projects to which the token will give access.as illustrated below.
Close the dialog.
Select the Generate token button. A message pops up to notify the successful token generation.
Immediately copy the generated token from the notification message. Once you’ve left the notification, you won’t be able to view the token value any more.
You can now close the notification.
Revoking a Scoped Organization Token
When you revoke a Scoped Organization Token, it’s automatically deleted.
To revoke a Scoped Organization Token:
Retrieve your token as described above in Retrieving and viewing Scoped Organization Tokens.
In the Actions menu, select Revoke. A confirmation dialog opens.
Confirm. The token disappears from the list of tokens.
Modifying the scope of a Scoped Organization Token
You can modify the custom list of projects to which a Scoped Organization Token gives access.
You cannot modify the scope of a Scoped Organization Token configured for all current and future projects.
To modify the custom scope of a Scoped Organization Token:
Retrieve your token as described above in Retrieving and viewing Scoped Organization Tokens.
In the Actions menu, select View details.
Select the Edit projects button. The Projects scope dialog opens.
Change the project selection.
Select Close.
Related pages
Last updated
Was this helpful?