Managing Scoped Organization Tokens

Scoped Organization Tokens provide a secure way to manage non-user-specific authentication.

Scoped Organization Tokens are available starting in Team plan.

Scoped Organization Tokens are used to run analyses on your code. To do so, the sonar.token property is used. For more details see Analysis parameters.

You must be an organization admin to be able to retrieve and manage Scoped Organization Tokens.

About Scoped Organization Tokens

Scoped Organization Tokens provide a secure way to manage non-user-specific authentication. Attached to an organization, they are created and managed by the organization admin who can revoke them anytime. Revoked tokens are automatically deleted.

Scoped Organization Tokens are identified through their sqco_ prefix.
SonarQube's S7791 rule can verify the non-disclosure of Scoped Organization Tokens within your code.

Scoped Organization Tokens comply with the principle of least privilege through its scope definition:

You define the projects within the organization to which the token gives access. Currently, you can only limit the access to a list of existing projects.
You define the permissions granted by the token. Currently, you can only grant the Execute analysis permission but other permissions will be supported soon.

You can define any expiry date for your Scoped Organization Token, or no expiration. The different token statuses are:

Active
About to expire (in less that 7 days)
Expired

For security reasons, tokens without expiry date that have been inactive for 60 days will be automatically removed.

Retrieving and viewing Scoped Organization Tokens

Retrieve your organization. See Retrieving your organizations for more details.
Go to Administration > Scoped Organization Tokens.

The configured Scoped Organization Tokens are listed through the Administration > Scoped Organization Tokens menu of your org

In the list of tokens, locate the token you want to view and select the Actions menu at the end of the row.
In the menu, select View details.

Creating a Scoped Organization Token

Retrieve your organization. See Retrieving your organizations for more details.
Go to Administration > Scoped Organization Tokens.
In the top right corner, select the Create token button.
Enter the token name and description. Choose a name that accurately represents the token purpose.
In Expires in, select the token lifetime or select No expiration.

Enter a token name and description in the corresponding fields and select an expiration value

In Project scope, select Select projects. The Projects scope dialog opens.
Select the projects to which the token will give access.

Click on a project in the list to select it. Its selection box is checked.

Close the dialog.
Select the Generate token button. A message pops up to notify the successful token generation.
Immediately copy the generated token from the notification message. Once you’ve left the notification, you won’t be able to view the token value any more.

Select the copy tool located at the right of the generated token to copy and then paste the token

You can now close the notification.

Revoking a Scoped Organization Token

When you revoke a Scoped Organization Token, it’s automatically deleted.

To revoke a Scoped Organization Token:

Retrieve your organization. See Retrieving your organizations for more details.
Go to Administration > Scoped Organization Tokens.
In the list of tokens, locate the token you want to revoke and select the Actions menu at the right end of the row.
In the menu, select Revoke. A confirmation dialog opens.
Confirm. The token disappears from the list of tokens.

PreviousAdministering your users NextManaging your enterprise

Last updated 3 days ago

Was this helpful?