Enable Secretless Enterprise SSO (`private_key_jwt`) for Entra ID OIDC Clients
Stephen Bergeron
Hi Port Product team,
We are requesting support for OIDC client authentication mode `private_key_jwt` (RFC 7523) for Entra ID SSO configurations.
At BNC, this is a blocker to implementing our approved SSO architecture because shared secret modes do not meet our target security posture for enterprise SaaS integrations. We are explicitly asking for a no-shared-secret model based on signed client assertions and certificate/public-key registration.
This is high-impact for both Port and regulated enterprise customers:
- For Port: stronger enterprise IAM posture, fewer procurement/security objections, and reduced support friction around secret lifecycle incidents.
- For customers: lower credential risk, easier compliance, and faster secure rollout.
Requested outcomes:
- Support `private_key_jwt` for Entra ID OIDC clients.
- Provide certificate rotation support with overlap window and non-breaking cutover.
- Publish clear setup and troubleshooting guidance.
We are available to run a controlled enterprise pilot for this capability.
Thank you,
BNC DevPortal Architecture Team