User Policy

In accordance with standard security practices, Security Validation includes policies for user accounts and access. You can define:

  • When/if to lock someone out
    • Time to wait before an account is unlocked
  • When/if to expire passwords
  • When/if a user can reuse a password
  • JSON Web Token (JWT) payload field name for the ID
  • URL of the server used to store a user's JSON Web Key Set

Using JSON Web Tokens for API Authentication

You can use JSON Web Tokens (JWTs) in place of an API key for API authentication. The public JSON Web Key Set is cached for 12 hours.

NOTE: This document covers information relevant for using JWTs in the Validation Platform. For details about generating and managing JSON Web Tokens, see the JWT website.

Generating JWTs for use in the Validation Platform

  1. When you configure the payload, enter your existing Validation Platform API key in the sub field.

    NOTE: You can change the name of the sub field, but you must still use your Validation Platform API key as the value.

  2. Configure the other fields in the header and payload.
  3. Generate your JWTs in a private OAuth server.
  4. Take note of the JSON Web Key Set URL with public keys used to decode JWTs.
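The steps above as an added Node.js example (not Validation Platform code): it signs a token carrying the API key in the ID field, builds the matching JSON Web Key Set, and shows how a verifier would select the key and read that field. RS256, the `kid`, `iat` and `exp` fields, the function names, and all sample values are assumptions made for the illustration.

```javascript
// Added example; names, algorithm choice and sample values are assumptions.
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Sign a JWT (RS256) that carries the API key in the configured ID field.
function issueJwt(privateKey, kid, idField, apiKey, ttlSeconds = 300) {
  const now = Math.floor(Date.now() / 1000);
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const payload = { [idField]: apiKey, iat: now, exp: now + ttlSeconds };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Build the public JSON Web Key Set document served at the JWKS URL.
function buildJwks(publicKey, kid) {
  return { keys: [{ ...publicKey.export({ format: 'jwk' }), kid, use: 'sig', alg: 'RS256' }] };
}

// Verifier side: pick the key by kid, check signature and expiry,
// then return the value of the configured ID field.
function extractId(token, jwks, idField) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; never let the token choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof payload.exp !== 'number' || payload.exp <= Date.now() / 1000) throw new Error('expired');
  if (typeof payload[idField] !== 'string') throw new Error(`missing ${idField}`);
  return payload[idField];
}

// Constructed sample values: throwaway key pair, placeholder kid and API key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const jwks = buildJwks(publicKey, 'example-key-1');
const token = issueJwt(privateKey, 'example-key-1', 'sub', 'EXAMPLE_API_KEY');
console.log(extractId(token, jwks, 'sub'));
```

A JWT payload is only base64url-encoded, so the API key in the ID field is readable by anyone who obtains the token. Keep token lifetimes short and send tokens only over TLS.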

Entering JSON Web Token Information in the User Policy Settings

  1. Go to Settings > User Settings.
  2. Click User Policy.

    User Policy - Entering JSON Web Token information for API authentication

  3. Enter the payload field name associated with your API key.
  4. Enter the public URL of the server that manages your JSON Web Key Set.
  • June 5, 2022
  • July 13, 2023