**As** Begin of the insertionan administratorEnd of the insertion Begin of the deletion a \[enter role of user\]End of the deletion
**I want to** Begin of the insertionsetup system-level tokensEnd of the insertion Begin of the deletion \[enter objective\]End of the deletion
**so that** Begin of the insertioncan use them as authentication in my SCIM client to give it access to the OpenProject SCIM server API.End of the insertion Begin of the deletion \[enter desired result\]End of the deletion

**Acceptance criteria**

Begin of the deletion TODO:

End of the deletion * Like personal access tokens, but with the system user

* Only constrained in power by scopes (and possibly expiration) Begin of the insertion

* A menu entry is placed in [https://qa.openproject-edge.com/admin/settings/authentication](https://qa.openproject-edge.com/admin/settings/authentication)

* User is able to create and name system-level tokens

* Each token has a scope but for now only SCIM API scope can be selected and is selected by default.

* It is possible to have multiple active tokens.

* A token has a menu to delete the token.End of the insertion


**Technical notes**

* I'd suggest to prefix them, so that we can recognize how to validate them, e.g. `opst-ABCDEF...` (**O**pen**P**roject**S**ystem**T**oken)


**Permissions and visibility considerations**

* Begin of the insertionOnly adminsEnd of the insertion Begin of the deletion _To whom is this feature visible?_End of the deletion

* Begin of the insertionOnly when Enterprise plan: CorporateEnd of the insertion Begin of the deletion _WhenEnd of the deletion is Begin of the insertionactive.End of the insertion Begin of the deletion it not visible?_End of the deletion


**Out of scope**

* <br>