Configure Private Key JWT for OIDC based SSO

Yokohama Platform security

Release

yokohama

ft:locale

en-US

ft:publication_title

Yokohama Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Configure Private Key JWT for OIDC based SSO

Release version: Yokohama

Updated January 30, 2025

1 minute to read

Configure Private Key JWT for OIDC based SSO integrations.

Role required: admin

You must perform the following tasks before choosing Private Key JWT for OIDC based SSO.

Upload Java Key Store certificate: Attach a JKS certificate to your instance to use to enable the JWT client authentication.
Configure a JWT signing key: Create a JWT signing key to assign to your Java KeyStore (JKS) certificate.
Note:
If you want to add X.509 Certificate SHA-1 Thumbprint int (x5t) to the header as part of the JWT Key, you must configure the form and add the X.509 Certificate SHA-1 Thumbprint int (x5t) field.
Create a JWT provider with a JWT signing key: Add a JWT provider to your ServiceNow instance.

To include a JWT Key for OIDC based Identity Provider, you must:

Install the Integration - Multiple Provider Single Sign-On Installer (com.snc.integration.sso.multi.installer) plugin.
Enable the properties for Multiple Provider SSO Properties. For more information, see Multi-Provider SSO properties, tables, and scripts.
Create an OIDC Identity Provider. For more information, see Create an OpenID Connect (OIDC) configuration for Single Sign-On (SSO).

Navigate to All > System OAuth > Application Registry.
Select the OIDC Identity Provider that you had created.
On top of the form, select Configure > Form Design.

Note:
You must add Send Credentials and JWT Provider fields to the form to use the Private Key JWT for OIDC based Identity Provider authentication requests.
Choose the As Private Key JWT for Send Credentials.
Select the JWT Provider.
When the user authenticates, the authentication page has options to login through Okta.