---
title: Configuring auth token management
description: To define the issuer and signing configuration used by JSON Web Token (JWT) identity mappings, configure auth token management.
component: pingaccess
version: 9.0
page_id: pingaccess:pingaccess_user_interface_reference_guide:pa_configuring_auth_token_management
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/pingaccess_user_interface_reference_guide/pa_configuring_auth_token_management.html
revdate: February 6, 2023
section_ids:
  steps: Steps
---

# Configuring auth token management

To define the issuer and signing configuration used by JSON Web Token (JWT) *(tooltip: \<div class="paragraph">
\<p>An IETF standard container format for a JSON object used for the secure exchange of content, such as identity or entitlement information. You can find the industry standard in \<a href="https\://datatracker.ietf.org/doc/html/rfc7519">RFC 7519\</a>.\</p>
\</div>)* identity mappings, configure auth token management.

## Steps

1. Click **Access**, then go to **Identity Mappings > Auth Token Management**.

2. To enable key rolling using the specified key roll interval, click **Key Roll Enabled**.

3. To indicate how often, in hours, you want to roll the keys, specify the **Key Roll Interval (h)**.

   Key rollover updates keys at regular intervals to ensure the security of the signed auth tokens.

4. In the **Issuer** field, specify a published, unique issuer identifier to use with auth tokens.

   Set the issuer to a value that more closely represents your company. PingAccess inserts this value as the iss claim within the auth token.

5. In the **Signing Algorithm** field, select the signing algorithm used to protect the integrity of the auth tokens.

   The default is ECDSA using P-256 Curve.

6. Click **Save**.