Configure a JWT provider and token for HLAIntroduction This KB describes the steps needed to create a JWT token for ITOM Cloud Services, which can be used for authentication for sending data from Amazon Data Firehose to HLA. For troubleshooting suggestions and additional documentation, see KB2117152. Requirements HLA version 36.0.19 or higherThe instance user that creates the KeyStore on the instance must have appropriate ACLs to create records in appropriate tables and cryptographic modules. Create a KeyStore When uploading the keystore to the instance, the user can create either JKS or PKCS12. The keystore must have a password. Below is an example of creating the necessary public/private keys and the keystore using openssl. # generate the private key openssl genrsa -out private.key 2048 # create the certificate - all metadata is optional when prompted openssl req -new -x509 -key private.key -out public_key.cer -days 9125 -sha256 # create a keystore openssl pkcs12 -export -in public_key.cer -inkey private.key -out my_keystore.p12 -name my_keystore Create the certificate record Navigate to sys_certificate tableCreate a new record with "Java Key Store" as shown in the screenshot and upload the keystore file to this record. Note this MUST be a "Java Key Store" type. Add the password from the previous step. Create JWT key Navigate to the "JWT Key" table. Use the sys_certificate record we created above for the "signing keystore", and the keystore password for the "signing key" Create JWT provider Navigate to the "JWT Provider" table. Set the "Signing Configuration" to the JWT Key record that you just created. Create ICS JWT Config Navigate to the "ICS JWT Config" table. Create a new record, specify the previously created JWT Provider, and attach the public certificate from the "create a keystore" step. Getting and using a Token Once the above setup is complete, you can follow the documentation found here: https://www.servicenow.com/docs/bundle/yokohama-it-operations-management/page/product/health-log-analytics-admin/task/il-connector-hla-firehose.html?state=seamlessin order to generate a token to use, and integrate with HLA. Troubleshooting A common error is if the user creating a KeyStore and associated records on the instance does not have correct ACLs or permissions to do so. See https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1112530 for additional recommendations.