Managing Scoped Organization Tokens

Scoped Organization Tokens provide a secure way to manage non-user-specific authentication

Scoped Organization Tokens are available starting in the Team plan.

You must be an organization admin to retrieve and manage Scoped Organization Tokens.

About Scoped Organization Tokens

Scoped Organization Tokens provide a secure way to manage non-user-specific authentication. Attached to an organization, they are created and managed by the organization admin, who can revoke them at any time.

SonarQube's S7791 rule can verify the non-disclosure of Scoped Organization Tokens within your code.

Scoped Organization Tokens comply with the principle of least privilege through their scope definition:

  • You limit the access to a list of projects within the organization.

  • You define specific permissions. Currently, you can only grant the Execute analysis permission but other permissions will be supported soon.

You can define any expiry date for your Scoped Organization Token, or no expiration. The different token statuses are:

  • Active

  • About to expire (in less than 7 days)

  • Expired

Revoked tokens are automatically deleted.

Scoped Organization Tokens are identified through their sqco_ prefix.
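
Because every Scoped Organization Token starts with sqco_, a hard-coded token can be caught before it is committed. The following pre-commit style check is an added example, not SonarQube's S7791 implementation or code from this documentation; the token body pattern (20 or more alphanumeric characters) and the sample CI file are assumptions made for the example.

```python
import re

# Assumption: the page documents only the "sqco_" prefix. The body pattern
# (20+ alphanumeric characters) is a guess made for this example.
TOKEN_RE = re.compile(r"\bsqco_[A-Za-z0-9]{20,}\b")


def redact(token: str) -> str:
    """Keep the prefix and the last 4 characters so a finding can be matched
    to a token in the admin list without disclosing it again in logs."""
    return f"sqco_...{token[-4:]}"


def scan_text(path: str, text: str) -> list[tuple[str, int, str]]:
    """Return (path, line number, redacted token) for every candidate token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            findings.append((path, lineno, redact(match.group())))
    return findings


# Constructed sample input: the pipeline layout and the token value are made up.
SAMPLE_CI_FILE = """\
steps:
  - name: analysis
    env:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}   # referenced from a secret store
  - name: legacy-analysis
    run: sonar-scanner -Dsonar.token=sqco_EXAMPLEONLY0000000000000000abcd
"""

if __name__ == "__main__":
    for path, lineno, shown in scan_text("ci.yml", SAMPLE_CI_FILE):
        print(f"{path}:{lineno}: hard-coded Scoped Organization Token {shown}")
```

Any token this check reports should be revoked and replaced, since it has already been written to disk in clear text.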

Retrieving and viewing Scoped Organization Tokens

  1. Retrieve your organization. See Retrieving your organizations for more details.

  2. Go to Administration > Scoped Organization Tokens.

  3. Select a token in the list to open its detailed view.

Creating a Scoped Organization Token

  1. Retrieve your organization. See Retrieving your organizations for more details.

  2. Go to Administration > Scoped Organization Tokens.

  3. In the top right corner, select the Create token button.

  4. Enter the token name and description. Choose a name that accurately represents the token purpose.

  5. In Expires in, select the token lifetime or select No expiration.

  6. In Project scope, select Select projects. The Projects scope dialog opens.

  7. Select the projects to which the token will give access.

  8. Close the dialog.

  9. Select the Generate token button. A message pops up to notify you that the token was generated successfully.

  10. Immediately copy the generated token from the notification message. Once you’ve left the notification, you won’t be able to view the token value any more.

  11. You can now close the notification.

Revoking a Scoped Organization Token

When you revoke a Scoped Organization Token, it’s automatically deleted.

To revoke a Scoped Organization Token:

  1. Retrieve your organization. See Retrieving your organizations for more details.

  2. Go to Administration > Scoped Organization Tokens.

  3. In the list of tokens, locate the token you want to revoke and select the Actions menu at the right end of the row.

  4. In the menu, select Revoke. A confirmation dialog opens.

  5. Confirm. The token disappears from the list of tokens.
