1. Go go Applications > OAuth > Access Token Management.
  2. To create a new access token management instance, click Create New Instance.
  3. On the Type tab:
    1. Enter a name for the instance in the Instance Name field and an ID in the Instance ID field.
    2. In the Type menu, select JSON Web Tokens.
    3. Click Next.
  4. On the Instance Configuration tab:
    1. In the Certificates section, click Add a new row to 'certificates'.
    2. In the Key ID field, enter an ID for the key.
    3. In the Certificate menu, select your sighing certificate, and click Update.
    4. In the JWS Algorithm menu, select RSA using SHA-256.
    5. In the Active Signing Certificate Key ID menu, select the key ID you entered in step b.
      Screen capture of the Instance Configuration tab, on which you select your certificate and give it a Key ID.
    6. Click Next.
  5. On the Session Validation tab, click Next.
  6. On the Access Token Attribute Contract tab:
    1. Make sure User_Key is selected in the Subject Attribute Name menu.
    2. In the Extend the Contract field, enter admin_role, and click Add.
    3. Repeat step b to add the iss, memberOf, and sub attributes.
    4. Click Next.
  7. On the Resource URIs and Access Control tabs, click Next.
  8. On the Summary tab, review your configuration. Click Save.