Manage SCIM API key expiration

In early January of 2025, we automatically set SCIM API keys to expire in one year when you:

set up user provisioning
regenerate a SCIM API key for your identity provider directory

This does not affect existing SCIM API keys.

A SCIM API key with an expiration date reduces your security risk. When your API key expires, you can’t provision and de-provision users between your identity provider and Atlassian. If a key is leaked or stolen, its limited lifespan prevents attackers from using it to access sensitive information in your Atlassian organization.

When you set up user provisioning or regenerate a SCIM API key, we automatically set it to expire in one year.

You may need to regenerate a SCIM API key to:

Address a security breach
Control user access to your organization
Keep provisioning users to your identity provider directory

When you regenerate a SCIM API key, the existing key stops working.

Regenerate SCIM API key

Regenerate an API key to set the expiration date to one year.

To regenerate the SCIM API key:

Log in to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Identity providers.
Select your Identity provider Directory.
Select Regenerate API key from […}.
Copy the SCIM base URL and API key details to your identity provider.
API key expiration date appears next to the API key details.

View SCIM API key expiration

After you set up user provisioning for an identity provider directory, you can view when your SCIM API key expires.

To view when the API key expires:

Log in to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Identity providers.
Select your Identity provider Directory.
Go to Provisioning to view API key expiration.

You can regenerate a SCIM API key when your key expires.

Was this helpful?

It wasn't accurate

It wasn't clear

It wasn't relevant

Still need help?

The Atlassian Community is here for you.

Ask the Community