This page provides a simple example of how to configure Cloud CMS for JWT.

For a deeper explanation of Cloud CMS Single Sign On (SSO) and the role that JWT plays in it, please read our documentation on Single Sign On.

The example provided here is pretty simple. It is put together this way to keep things simple.

In practice, you'll make modifications to this approach depending upon the needs of your security and identity provider system.


Let's generate a JSON Web Token.

Open up a browser to https://jwt.io and enter the following:

For the Header, enter the following:

  "alg": "HS256",
  "typ": "JWT"

This indicates that we should encode the JWT token using HMACSHA256 (HS256).

For the Payload, use the following:

  "iss": "test",
  "name": "John Doe",    
  "email": "john@doe.com",
  "firstName": "John",
  "lastName": "Doe"

These values are:

  • iss - the issuer of the JWT token. In this case, we set it to test
  • name - the name of the user
  • email - the email address of the user
  • firstName - the first name of the user
  • lastName - the last name of the user

In the Verify Signature section, set the your-256-bit-secret value to testsecret.

All in all, it should look something like this:

On the left-hand side, you should now see a generated JWT token:


Remember this token. You'll need to copy/paste it later.

Configure Cloud CMS

Now go into Cloud CMS. Log in as your admin or tenant owner and go to Manage Platform > SSO.

Select JWT and then set up your configuration more or less like this:

Where the following applies:

  • Set Token Type to Cookie
  • Set Token Name to MyCookie
  • Set Shared Secret to testsecret
  • Set Algorithm to HS256 (HMAC + SHA256)
  • Set Issuer to test
  • Set User Primary Identifier Field to email

These values should match what we use in the JSON Web Token.

And then, under User Field Mappings, add:

  • User Property firstName is mapped from firstName
  • User Property lastName is mapped from lastName
  • User Property email is mapped from email

Save your changes.

In this section, we'll assume you're using Google Chrome.

Make sure you're logged out of Cloud CMS and then go to:


Open up the Developers Console (Command + Option + I on the Mac). Then go under Applications and add a Cookie.

The cookie name should be MyCookie and its value should be the value of the JSON Web Token we produced earlier, shown here:


Now point your browser one again to:


And you'll be automatically signed in. The JSON Web Token is picked up from the MyCookie cookie. It is decrypted and the properties contained inside of it are used to automatically sync a user into Cloud CMS. The user's name is John Doe as described by the JSON Web Token.