JWT

Configure JWT authentication to complete the connection setup.

Note
The linked documents on this page are not maintained by SailPoint and are subject to change without notice.

  1. Do the following in the HashiCorp Vault (Cloud) server to configure JWT authentication:

    1. Enable JWT authentication using the HashiCorp API. For more information, refer to JWT/OIDC auth method (API) in the HashiCorp documentation.

      Provide the following while enabling JWT:

      • jwt_validation_pubkeys – Public key required for JWT

      • bound_issuer – Required issuer value

      • jwt_supported_algs – RS256

        Note
        RS256 is the only supported algorithm.

    2. Create a Role for JWT authentication using the HashiCorp API. For more information, refer to Create/Update role in the HashiCorp documentation.

      Provide the following values while configuring the Role:

      1. bound_subject – Required subject value for authentication

      2. user_claim – Required user claim

      3. bound_audiences – Required value for the aud claim

      4. role_type – JWT

      5. policies – Provide required policies to fetch the secrets

  2. In SailPoint, enter the configuration parameters to use HashiCorp JWT authentication.

    1. Enter the URL-encoded Authentication Provider Path used to authenticate with the HashiCorp Vault (Cloud) secret server.

      Important
      Don't encode the last slash (/) in your Authentication Provider path. For example, if your Authentication Provider path is xyz/pqr abcd/, then encode only xyz/pqr abcd.

      Tip
      Use urlencoder.org to encode your URL attributes.

    2. Enter the name of the JWT Role.

    3. Enter the User Claim for JWT.

    4. Enter the User Claim Value.

    5. In the Subject field, enter the bound_subject value for the JWT Role.

    6. In the Issuer field, enter the bound_issuer value for JWT authorization.

    7. In the Audience field, enter the bound_audiences value for the JWT Role.

    8. Enter the Private Key used to sign the JWT.

      Note
      The private key should be in standard PKCS #1 format. Currently, SailPoint doesn't support private keys in PKCS #8 format.

    9. Enter the Private Key Password.

      Note
      This is only required if the private key is encrypted with a passphrase.

  3. Select Save.