diff --git a/docs/gl_objects/job_token_scope.rst b/docs/gl_objects/job_token_scope.rst
index 370ffa282..2de8c6f1a 100644
--- a/docs/gl_objects/job_token_scope.rst
+++ b/docs/gl_objects/job_token_scope.rst
@@ -49,3 +49,23 @@ Refresh the current state of job token scope::
     scope.refresh()
     print(scope.inbound_enabled)
     # False
+
+Get a project's CI/CD job token inbound allowlist::
+
+    allowlist = scope.allowlist.list()
+
+Add a project to the project's inbound allowlist::
+
+    allowed_project = scope.allowlist.create({"target_project_id": 42})
+
+Remove a project from the project's inbound allowlist::
+
+    allowed_project.delete()
+    # or directly using a project ID
+    scope.allowlist.delete(42)
+
+.. warning::
+
+   Similar to above, the ID attributes you receive from the create and list
+   APIs are not consistent. To safely retrieve the ID of the allowlisted project
+   regardless of how the object was created, always use its ``.get_id()`` method.
diff --git a/gitlab/v4/objects/job_token_scope.py b/gitlab/v4/objects/job_token_scope.py
index 828fe012c..dcd29f55f 100644
--- a/gitlab/v4/objects/job_token_scope.py
+++ b/gitlab/v4/objects/job_token_scope.py
@@ -2,12 +2,18 @@
 
 from gitlab.base import RESTManager, RESTObject
 from gitlab.mixins import (
+    CreateMixin,
+    DeleteMixin,
     GetWithoutIdMixin,
+    ListMixin,
+    ObjectDeleteMixin,
     RefreshMixin,
     SaveMixin,
     UpdateMethod,
     UpdateMixin,
 )
+from gitlab.types import RequiredOptional
+
 
 __all__ = [
     "ProjectJobTokenScope",
@@ -18,6 +24,8 @@
 class ProjectJobTokenScope(RefreshMixin, SaveMixin, RESTObject):
     _id_attr = None
 
+    allowlist: "AllowlistedProjectManager"
+
 
 class ProjectJobTokenScopeManager(GetWithoutIdMixin, UpdateMixin, RESTManager):
     _path = "/projects/{project_id}/job_token_scope"
@@ -27,3 +35,23 @@ class ProjectJobTokenScopeManager(GetWithoutIdMixin, UpdateMixin, RESTManager):
 
     def get(self, **kwargs: Any) -> ProjectJobTokenScope:
         return cast(ProjectJobTokenScope, super().get(**kwargs))
+
+
+class AllowlistedProject(ObjectDeleteMixin, RESTObject):
+    _id_attr = "target_project_id"  # note: only true for create endpoint
+
+    def get_id(self) -> int:
+        """Returns the id of the resource. This override deals with
+        the fact that either an `id` or a `target_project_id` attribute
+        is returned by the server depending on the endpoint called."""
+        try:
+            return cast(int, getattr(self, self._id_attr))
+        except AttributeError:
+            return cast(int, getattr(self, "id"))
+
+
+class AllowlistedProjectManager(ListMixin, CreateMixin, DeleteMixin, RESTManager):
+    _path = "/projects/{project_id}/job_token_scope/allowlist"
+    _obj_cls = AllowlistedProject
+    _from_parent_attrs = {"project_id": "project_id"}
+    _create_attrs = RequiredOptional(required=("target_project_id",))