Rotate signing keys

You can set an authorization server to manually rotate keys. Okta rotates keys automatically by default.

Automatic key rotation is more secure than manual key rotation. Use manual key rotation only if you can't use automatic key rotation.

To change an authorization server configuration:

  1. In the Admin Console, go to Security > API.

  2. Open an authorization server for editing.

  3. Change the value of Signing Key Rotation to Manual and click Save.

  4. In the authorization server Settings tab, click Rotate Signing Keys to rotate the keys manually.

    This button doesn’t appear if you set Signing Key Rotation to Automatic.