Skip to content

Add CLI support for SCIM token management#3259

Draft
Amelia Dong (ameliadong97) wants to merge 1 commit intomainfrom
adong/identity-6269
Draft

Add CLI support for SCIM token management#3259
Amelia Dong (ameliadong97) wants to merge 1 commit intomainfrom
adong/identity-6269

Conversation

@ameliadong97
Copy link
Member

@ameliadong97 Amelia Dong (ameliadong97) commented Feb 12, 2026

Release Notes

New Features

  • Added CLI commands for managing SCIM tokens: confluent organization scim-token create, confluent organization scim-token list, and confluent organization scim-token delete

Checklist

  • I have successfully built and used a custom CLI binary, without linter issues from this PR.
  • I have clearly specified in the What section below whether this PR applies to Confluent Cloud, Confluent Platform, or both.
  • I have verified this PR in Confluent Cloud pre-prod or production environment, if applicable.
  • I have verified this PR in Confluent Platform on-premises environment, if applicable.
  • I have attached manual CLI verification results or screenshots in the Test & Review section below.
  • I have added appropriate CLI integration or unit tests for any new or updated commands and functionality.
  • I confirm that this PR introduces no breaking changes or backward compatibility issues.
  • I have indicated the potential customer impact if something goes wrong in the Blast Radius section below.
  • I have put checkmarks below confirming that the feature associated with this PR is enabled in:
    • Confluent Cloud prod
    • Confluent Cloud stag
    • Confluent Platform
    • Check this box if the feature is enabled for certain organizations only

What

Applies to: Confluent Cloud only

This PR adds CLI support for managing SCIM tokens for organizations with SSO configured and SCIM enabled.

Commands added:

  • confluent organization scim-token create [--expire-duration-mins <minutes>] - Creates a new SCIM token with optional custom expiration
  • confluent organization scim-token list [-o json|human] - Lists all SCIM tokens for the organization
  • confluent organization scim-token delete <id> [--force] - Deletes a SCIM token with optional force flag

Blast Radius

If something goes wrong:

  • Confluent Cloud customers who have SSO configured and are trying to manage SCIM tokens via CLI will be impacted
  • No impact on customers without SSO or those not using SCIM token management
  • The SCIM token API endpoints themselves are unchanged, only CLI interface is added

References

https://confluentinc.atlassian.net/browse/IDENTITY-6269

https://confluentinc.atlassian.net/wiki/spaces/IE/pages/4597579848/CLI+Terraform+Development+-+CCloud+SCIM+Phase+1

Test & Review

  • All 8 integration tests pass successfully
  • Manual testing performed with custom CLI binary

@confluent-cla-assistant
Copy link

confluent-cla-assistant bot commented Feb 12, 2026

🎉 All Contributor License Agreements have been signed. Ready to merge.
Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ameliadong97

Comments