Change Header
Change Type: Announcement
Product area: Platform services
Component: Authentication
Deployed at: eu.latest.cumulocity.com, apj.cumulocity.com, jp.cumulocity.com, cumulocity.com, us.cumulocity.com, emea.cumulocity.com
Technical details
Build artifact: cumulocity (10.20.0)
Internal ID: MTM-53448
Change Description
JWT authentication with Cumulocity has been deprecated since release 10.6 and will be removed in Q3 2024 for the SaaS instances and in 2025 for the yearly releases.
This authentication method is not to be confused with SSO (single sign-on) or OAI-Secure authentication, which are both recommended and still supported.
This change will only impact you if your organization used an early version of SSO on Cumulocity.
For customers on the public cloud instances we will get in touch with you if you are using this type of authentication.
For self-hosted or self-managed instances you need to do the following:
Ask your Operations team to run this script. This will verify
whether any tenant collections have an authenticationProviders
configuration and
if any tenant has the tenant options configured with the category token.publicKey
.
If either an authenticationProvider
configuration or the tenant option token.publicKey
category exists this indicates that the deprecated JWT is, or was, used in the past. In this case you need to check your external services for use of the JWT authentication and change it to use either SSO or OAI-Secure. These two methods provide a better and more secure approach to authentication.
These methods are documented here: