Configure JSON web token API authentication (JWT)

In this topic, you learn how to set up authentication via a JSON web token (JWT) and how to configure it in your Cockpit. You must perform multiple tasks to enable the connection.


  • You have registered the Neptune DXP - Open Edition in the Microsoft Entra admin center. Find more information about how to register an app on Microsoft documentation.

  • You know the tenant ID from the Microsoft Entra admin center for your Neptune DXP - Open Edition.


  1. In the Cockpit, go to Settings, and click System Settings.

  2. Navigate to the Authentication tab and click Edit.

  3. Click + Add, and select JWT.

    settings auth jwt

    Result: The Authentication window opens.

  4. In JWT Validation, fill in or check the following fields:

    1. Enter a Name for the authentication.

    2. Check Active to activate this authentication method.

    3. Enter a Description.

    4. Enter a Path to retrieve a Neptune DXP - Open Edition session, for example, /user/logon/jwt/(path). You can add any string as a path.

    5. You can add an Issuer validation.

    6. You can add an Audience validation.

    7. In Secret, add a secret key for the validation if no JSON web key set (JWKS) URL is provided.

      Jwks Url

      Add the URL that leads to the JWKS. For example:<tenantid>/discovery/v2.0/keys
    8. In Proxy for Jwks Url, add a proxy for your JWKS url, you can add any string.

    9. Set a token header field in Override default Jwt Extraction Method - From Authorization Header as Bearer Token

  5. In Claims Assignment, click Add to add claims assignments.

  6. If required, in Auto Assignment, assign roles and groups that you have defined in the Role and Security Group tools in the Cockpit.

  7. Click OK to save your input.

    Result: The Authentication dialog closes.

  8. In System Settings, click Restart to activate JSON web token authentication.


  • You have configured and activated a JWT authentication.