Skip to main content


Non-interactive JSON Web Token (JWT) Authentication


You must have an 1E integration AAD app before this part of your setup. For details refer to Managing authentication.

Enable non-interactive authorization
  1. You can upload your own certificate to set up the non-interactive JWT authentication and get the KeyID (KID) of your certificate by running the following PowerShell cmdlet. The KID of this certificate must then be mapped to a user (principal). The KID of this certificate must then be mapped to a user (principal).

    Get-1ECertificateThumbprint -StoreName LocalMachine\My
  2. The Application (Client) Id of the 1E Integration AAD application must be registered with the Solution.

  3. The Application (Client) Id should be added as a ClientAssertionId in 1E platform. You will need to contact your 1E representative to complete this process.

Extracting Private Key of the Certificate
  1. Export the certificate with its private key.

  2. Use Powershell or OpenSSL to extract the encrypted private key. For this example we have used Open SSL to extract the key:

    openssl pkcs12 -in file.pfx -out file.pem -nodes -clcerts -passout pass:12345 
  3. Keep the .pem file safe and extract the private key.

JWT Principal Mapping

Once the certificate is added, you will need to use the 1E Toolkit to add a mapping between users in the 1E platform and the certificate used for non-interactive login.

  1. Prepare the PowerShell toolkit by running:

    import-module .\ps1etoolkit.psd1 -force
  2. Add-1EJWTPrincipalMapping passing in the KID for the cert as the Identifier and the user you want to map to as the Principal, for example:

    PS C:\Program Files\1E\PowerShellToolkit> Add-1EJWTPrincipalMapping
    cmdlet Add-1EJwtPrincipalMapping at command pipeline position 1
    Supply values for the following parameters:
    Identifier: <KID of the certificate obtained>
    Principal: <User principal name>  Eg.
  3. You can view existing associations by running: