---
title: Configuring OAuth key management settings
description: Configure settings for OAuth key management in PingAccess.
component: pingaccess
version: 9.0
page_id: pingaccess:pingaccess_user_interface_reference_guide:pa_configuring_oauth_key_management_settings
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/pingaccess_user_interface_reference_guide/pa_configuring_oauth_key_management_settings.html
revdate: February 6, 2023
section_ids:
  steps: Steps
  choose-from: Choose from:
---

# Configuring OAuth key management settings

Configure settings for OAuth *(tooltip: \<div class="paragraph">
\<p>A standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server.\</p>
\</div>)* key management in PingAccess.

## Steps

1. Click **Access**, then go to **Token Validation > OAuth Key Management**.

2. Choose to enable or disable key rolling:

   ### Choose from:

   * To enable key rolling, select the **Key Roll Enabled** check box.

   * To disable key rolling, clear the **Key Roll Enabled** check box.

3. To specify the interval at which you want to roll keys, enter a value (in hours) in the **Key Roll Enabled (H)** field.

4. From the **Signing Algorithm** list, select a signing algorithm to protect the integrity of the token when you use private key JSON Web Token (JWT) *(tooltip: \<div class="paragraph">
   \<p>An IETF standard container format for a JSON object used for the secure exchange of content, such as identity or entitlement information. You can find the industry standard in \<a href="https\://datatracker.ietf.org/doc/html/rfc7519">RFC 7519\</a>.\</p>
   \</div>)* OAuth client *(tooltip: \<div class="paragraph">
   \<p>The application in an OAuth framework that requests access to resources. If the request is approved by the authorization server, the client is issued an access token for the resources.\</p>
   \</div>)* authentication.

   If you select **Automatic**, you will use the algorithm specified in the OpenID Provider (OP) *(tooltip: \<div class="paragraph">
   \<p>In OAuth terms, an authorization server (AS). The OP/AS issues access tokens to protected resources for approved clients (relying parties). The clients use the access token to access the protected resources hosted by the OAuth resource server.\</p>
   \</div>)* metadata.

5. Click **Save**.