External JWT Signers allow external identity providers to facilitate authentication with a network. External JWT Signers can be added as a static x509 certificate or via a JWKS endpoint. Authenticating clients can provide a JWT as a primary authentication mechanism to obtain an API Session. Additionally, the JWT can be required on all REST API calls if desired by using an Authentication Policy that requires it as a secondary factor.

Read more about JWT Signers


Access & Manage JWT Signers

You can access and manage the JWT Signers in the console by finding the icon on the left-hand side navigation menu:

and then clicking on the "JWT Signers" tab on the top navigation menu:


Add JWT Signer

To add a new JWT Signer, click on the symbol at the top right of the page.


The new JWT Signer dialog will open:


Signer Name: Give the JWT Signer a name.

Issuer: The issuer defined within the JWT token.

Audience: The audience as defined within the JWT token.

JWKS Endpoint: A JSON Web Key Set (JWKS) endpoint that returns a public key that can be used to validate the token signature.

Match JWT to Identity When:

  • JWT Claim's: The field name within the external JWT used to identify the claim. Examples include "Subject" & "email".
  • Identity's: Select if the field above is located in the ID or the External ID of the incoming JWT claim.

External Auth URL: The external authentication URL of the JWT signer.
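
A preflight check for the fields above, added here as an example (it is not part of the product or its documentation): it compares a sample token from the identity provider against the Issuer, Audience, JWKS keys and JWT Claim you intend to enter, and lists every mismatch. The dictionary keys, URLs and tokens are constructed for illustration, the issuer is assumed to be compared as an exact string, and the signature is deliberately not verified.

```python
import base64
import json

def b64url_json(segment):
    """Decode one base64url JWT segment (header or payload) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def enc(obj):
    """Build one base64url segment for the constructed sample tokens below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def preflight(token, signer, jwks):
    """List mismatches between a sample token and the planned signer fields.

    Diagnostic only: this inspects claims and does NOT verify the signature.
    """
    header_b64, payload_b64, _sig = token.split(".")
    header, claims = b64url_json(header_b64), b64url_json(payload_b64)
    problems = []
    if claims.get("iss") != signer["issuer"]:  # assumed exact string comparison
        problems.append(f"iss {claims.get('iss')!r} != Issuer {signer['issuer']!r}")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # RFC 7519: string or array
    if signer["audience"] not in aud:
        problems.append(f"Audience {signer['audience']!r} not in aud {aud!r}")
    kid = header.get("kid")
    if kid is None or kid not in {k.get("kid") for k in jwks.get("keys", [])}:
        problems.append(f"kid {kid!r} not among keys served by the JWKS endpoint")
    value = claims.get(signer["claim"])
    if not isinstance(value, str) or not value:
        problems.append(f"claim {signer['claim']!r} missing, cannot match an identity")
    return problems

# Constructed sample data (hypothetical IdP, network name and key ids).
SIGNER = {"issuer": "https://idp.example.com/", "audience": "my-network",
          "claim": "email"}
JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "key-2024"}]}
GOOD = ".".join([enc({"alg": "RS256", "kid": "key-2024"}),
                 enc({"iss": "https://idp.example.com/", "aud": ["my-network"],
                      "email": "alice@example.com"}), "sig"])
# Typical failures: no trailing slash on iss, wrong aud, rotated key, no email.
BAD = ".".join([enc({"alg": "RS256", "kid": "key-2023"}),
                enc({"iss": "https://idp.example.com", "aud": "other-app",
                     "sub": "alice"}), "sig"])

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, preflight(tok, SIGNER, JWKS) or "matches signer fields")
```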


Once you have created a new JWT Signer, it can be assigned to an Authentication Policy.
