diff --git a/docs/v23/troubleshooting/debugging-tools.md b/docs/v23/troubleshooting/debugging-tools.md
index 1c769093..56dff7f4 100644
--- a/docs/v23/troubleshooting/debugging-tools.md
+++ b/docs/v23/troubleshooting/debugging-tools.md
@@ -349,6 +349,35 @@ which is documented in the
 [HTCondor manual](https://htcondor.readthedocs.io/en/lts/man-pages/condor_router_q.html)
 
 
+condor_ce_test_token
+--------------------
+
+## Usage ###
+
+Use the `condor_ce_test_token` command to test SciTokens
+authentication in the CE.
+It will create a token with an issuer and subject that you specify and
+configure the CE daemons to accept that token as if it had been
+generated by the given issuer (for one hour).
+The token is printed to stdout; use it with `condor_ce_submit` to test
+that SciTokens authentication and user mapping operate correctly.
+
+To create a temporary SciToken that appears to be issued by the
+SciTokens demo issuer:
+
+``` console
+root@host # condor_ce_token_test --issuer https://demo.scitokens.org
+--audience ANY --scope condor:/WRITE --subject alice@foo.edu
+```
+
+!!! note
+    You must run `condor_ce_test_token` on the CE that you are testing
+    as the root user.
+	`condor_ce_test_token` takes the same arguments as
+    `condor_test_token`, which is documented in the
+    [HTCondor manual](https://htcondor.readthedocs.io/en/lts/man-pages/condor_test_token.html).
+
+
 condor_ce_status
 ----------------