Manage API key expiration for SCIM

An API key for SCIM with an expiration date reduces your security risk. When your API key expires, you can’t provision and de-provision users between your identity provider and Atlassian. If a key is leaked or stolen, its limited lifespan prevents attackers from using it to access sensitive information in your Atlassian organization.

When you set up user provisioning or regenerate an API key, we automatically set it to expire in one year.

You may need to regenerate an API key for SCIM to:

• Address a security breach

• Control user access to your organization

• Keep provisioning users to your identity provider directory

When you regenerate an API key for SCIM, the existing key stops working.

Regenerate API key for SCIM

Regenerate an API key to set the expiration date to one year.

To regenerate the API key:

1. Log in to admin.atlassian.com. Select your organization if you have more than one.

2. Select Security > Identity providers.

3. Select your Identity provider Directory.

4. Select Regenerate API key from […}.

5. Copy the SCIM base URL and API key details to your identity provider.

6. API key expiration date appears next to the API key details.

View API key expiration for SCIM

After you set up user provisioning for an identity provider directory, you can view when your API key for SCIM expires.

To view when the API key expires:

1. Log in to admin.atlassian.com. Select your organization if you have more than one.

2. Select Security > Identity providers.

3. Select your Identity provider Directory.

4. Go to Provisioning to view API key expiration.

You can regenerate an API key for SCIM when your key expires.