>
    Strata Copilot
    Supported JWT Signing Algorithms
    Focus
    Focus
    1. Home
    2. Next‑Gen Trust Security
    3. Next-Gen Trust Security
    4. Next-Gen Trust Security Overview
    5. Built-in Accounts Overview
    6. Create a Workload Identity Federation Built-in Account
    7. Supported JWT Signing Algorithms
    Next‑Gen Trust Security

    Supported JWT Signing Algorithms

    Table of Contents

    Supported JWT Signing Algorithms

    To ensure secure communication and authentication, our platform supports a specific set of JWT signing algorithms. It is important that the JWTs used for authenticating built-in accounts meet these security requirements.
    Below is a table detailing the supported algorithms and their corresponding key size requirements:
    AlgorithmDescriptionKey Size Requirement
    RS256RSASSA-PKCS1-v1_5 using SHA-256Key size limited to between 2048 and 4096 bits
    RS384RSASSA-PKCS1-v1_5 using SHA-384Key size limited to between 2048 and 4096 bits
    RS512RSASSA-PKCS1-v1_5 using SHA-512Key size limited to between 2048 and 4096 bits
    ES256ECDSA using P-256 and SHA-256Key size is fixed
    ES384ECDSA using P-384 and SHA-384Key size is fixed
    ES512ECDSA using P-521 and SHA-512Key size is fixed
    PS256RSASSA-PSS using SHA-256 and MGF1 with SHA-256Key size limited to between 2048 and 4096 bits
    PS384RSASSA-PSS using SHA-384 and MGF1 with SHA-384Key size limited to between 2048 and 4096 bits
    PS512RSASSA-PSS using SHA-512 and MGF1 with SHA-512Key size limited to between 2048 and 4096 bits
    Ensure that the JWTs used for authenticating with our built-in accounts conform to these specifications to prevent any compatibility or security issues. In addition, consider the following:
    • It is crucial to select an algorithm compatible with your security infrastructure and the requirements of our platform.
    • If you are experiencing issues with JWT authentication, please verify that your JWT signing configuration adheres to the standards listed above.

    © 2026 Palo Alto Networks, Inc. All rights reserved.