# SCIM Token Management

An organization's System for Cross-Domain Identity Management (SCIM) token authenticates your identity provider (Microsoft Entra ID, Okta, or Google Workspace) to dynamically provision users and groups in Verkada Command.

***

## Generate a SCIM token

{% stepper %}
{% step %}
**In Verkada Command, go to All Products > Admin.**
{% endstep %}

{% step %}
**Select Login & Access > SCIM Users Provisioning.**
{% endstep %}

{% step %}
**Click Add Domain and enter the desired email domains.**
{% endstep %}

{% step %}
**(Optional) Toggle off Send Email Invites if you do not want users to receive an email invite when their account is created.**

The newly generated SCIM token displays.

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-c910b18392d235c3bc05fa7596d970cde8ac1697%2F0028cbe9b5d00fa3b4b3e92ce4c59268f695fcbe.png?alt=media" alt="" width="606"></div>
{% endstep %}

{% step %}
**Select the token to copy it to your clipboard.**
{% endstep %}
{% endstepper %}

{% hint style="danger" %}
Immediately update your identity provider configuration with this new token. Once the page is reloaded, the token does not re-appear.
{% endhint %}

***

## Refresh a SCIM token

If you need to regenerate your token (for example, if it's lost or compromised), you can do this in Command.

{% hint style="warning" %}
Once you refresh your SCIM token, the previous token is immediately invalidated. Copy the new token into your identity provider immediately to ensure no interruption to user provisioning.
{% endhint %}

### Requirements

* Your organization must already have SCIM provisioning enabled
* You must be an Organization Admin to refresh the SCIM token

### How it works

{% stepper %}
{% step %}
**In Command, go to All Products > Admin.**
{% endstep %}

{% step %}
**Select Login & Access > SCIM Users Provisioning.**
{% endstep %}

{% step %}
**Click Refresh.**
{% endstep %}

{% step %}
**When the warning message displays, click Continue to confirm.**

The newly generated SCIM token displays.
{% endstep %}

{% step %}
**Select the token to copy it to your clipboard.**

This new token revokes the previous one and cannot be undone.
{% endstep %}
{% endstepper %}

{% hint style="danger" %}
Immediately update your identity provider configuration with this new token. Once the page is reloaded, the token does not re-appear.
{% endhint %}