Managing Token Authentication for SCIM Sync

Applies from version 2021.4

Alation supports token authentication when syncing user and group information over SCIM. Token authentication can be configured during SCIM setup for an Alation instance. See Configure SCIM Integration about the end-to-end configuration of SCIM sync.

SCIM authentication tokens have a lifespan of 6 months. The expiration period cannot be customized: a token lasts for 6 months and expires. After 6 months, a new token needs to be created.

You do not have to wait for the token to expire to renew it. If you require a shorter expiration period for authentication tokens, you can create a new token after the desired period of time.


After renewing the token on the Alation server, update the token value in the properties of the SCIM application in your IdP.

Retrieve the Expiration Date of the Current Token

To get the expiration date for the current token:

  1. SSH to the Alation host.

  2. Enter the Alation shell:

    sudo /etc/init.d/alation shell
  3. Enter the Django shell:

  4. In the Django shell, run:

    from rosemeta.utils.users_and_groups.configuration_utils import get_scim_bearer_token_expiry_date

This will output the expiration date of the current token in UTC.

Create a New Token

To create a new token, run the following code form the Django shell:

from rosemeta.utils.users_and_groups.configuration_utils import set_scim_bearer_token

This sets a new SCIM authentication token on the Alation server.

Retrieve the Current Token Value

To retrieve the current token value, run the following code from the Alation Django shell:

from rosemeta.utils.users_and_groups.configuration_utils import get_scim_bearer_token