External JWT Signers allow external identity providers to facilitate authentication with a network. External JWT Signers can be added as a static x509 certificate or via a JWKS endpoint. Authenticating clients can provide a JWT as a primary authentication mechanism to obtain an API Session. Additionally, the JWT can be required on all REST API calls if desired by using an Authentication Policy that requires it as a secondary factor.

Read more about JWT Signers

 

Access & Manage JWT Signers

You can access and manage the JWT Signers in the console by finding the icon on the left-hand side navigation menu:

and then clicking on the "JWT Signers" tab on the top navigation menu:

 

Add JWT Signer

To add a new JWT Signer, click on the symbol at the top right of the page.

 

The new JWT Signer dialog will open:

 

Signer Name: Give the JWT Signer a name.

Issuer: The issuer defined within the JWT token.

Audience: The audience as defined within the JWT token.

JWKS Endpoint: A JSON Web Key Set (JWKS) endpoint that returns a public key that can be used to validate the token signature.

Match JWT to Identity When:

  • JWT Claim's: The field name within the external JWT used to identify the claim. Examples include "Subject" and "email".
  • Identity's: Select whether the field above is located in the ID or the External ID of the incoming JWT claim.

External Auth URL: The external authentication URL of the JWT signer.

 

Once you have created a new JWT Signer, it can be assigned to an Authentication Policy.
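
How the Issuer, Audience, JWKS Endpoint and claim-matching fields above fit together when a token is checked, as an added Node.js example that is not the product's own code. The property names issuer, audience, claim and matchOn, the key id "demo-1" and every sample value are assumptions constructed for the demo.

```javascript
// Added illustration; issuer/audience/claim/matchOn and all sample values are assumed names.
const crypto = require("node:crypto");

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const parse = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// Validate a token against one signer entry and its JWKS, then map it to an identity.
function authenticate(token, signer, jwks, identities, now = Date.now() / 1000) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = parse(h);
  const claims = parse(p);
  // Pin the algorithm so the token cannot select "none" or a symmetric scheme.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === "RSA");
  if (!jwk) throw new Error("no JWKS key for kid");
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: "jwk" });
  const sigOk = crypto.verify("sha256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!sigOk) throw new Error("bad signature");
  // Claims are trusted only after the signature check passes.
  if (claims.iss !== signer.issuer) throw new Error("issuer mismatch");
  if (![].concat(claims.aud).includes(signer.audience)) throw new Error("audience mismatch");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  const value = claims[signer.claim];
  const identity = identities.find((i) => i[signer.matchOn] === value);
  if (value === undefined || !identity) throw new Error("no matching identity");
  return identity.name;
}

// Constructed demo data: a throwaway key pair stands in for the identity provider.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const jwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "demo-1" }] };
const signer = { issuer: "https://idp.example.com", audience: "demo-network", claim: "email", matchOn: "externalId" };
const identities = [{ id: "a1b2", externalId: "alice@example.com", name: "alice-laptop" }];
const base = { iss: signer.issuer, aud: signer.audience, exp: Date.now() / 1000 + 300, email: "alice@example.com" };

// Sign a demo token with the throwaway private key (what the identity provider would do).
function mint(claims, header = { alg: "RS256", kid: "demo-1" }) {
  const input = `${b64u(header)}.${b64u(claims)}`;
  return `${input}.${crypto.sign("sha256", Buffer.from(input), privateKey).toString("base64url")}`;
}

// Return the matched identity name, or the reason the token was rejected.
function outcome(token) {
  try { return authenticate(token, signer, jwks, identities); } catch (err) { return err.message; }
}

console.log(outcome(mint(base)), "|", outcome(mint({ ...base, aud: "other-network" })));
```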
