How to begin using the STS
Clients register with the STS following the procedures identified in RFC 7591 and RFC 7592.
Registration with the Key Bridge STS requires clients to present an Initial Access Token (IAT) that identifies an active account with Key Bridge. The account actor may be either an individual or an organization, depending on the account type. IAT generation is similar for each type, except in how the token is signed.
Key Bridge process model for initial access token generation
The Initial Access Token (IAT) is a compact-form JSON Web Token (JWT) signed with either your Individual account shared secret or, for enterprise users, your Organization's private key.
For convenience, the Key Bridge User Access Manager application can issue an IAT for individual accounts and for organizations that use an X.509 certificate issued by Key Bridge. Organizations that use uploaded certificates must generate and sign their own IATs.