Microsoft Entra ID - client secret expired.

If you are using Microsoft Entra ID, e.g., for OpenID configurations or for setting up the protocol for an Exchange Online email server, you will need a client secret.

A client secret is always created with an expiration date. Once the secret has expired, the application will no longer work, and TARGIT may stop working for user logins or for sending mails. You cannot change or extend the expiration date, so when the client secret expires, your only option is to create a new client secret.

As an Administrator you should keep a personal log of expiration dates of your Entra ID client secrets, and preferably update the client secrets before they expire.
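
The expiry log recommended above can be produced from the app registration data instead of being kept by hand. The following is an added example, not part of the original article or of TARGIT: it classifies each client secret as expired, due for renewal, or OK. The sample data, the 30-day warning threshold and the function names are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like Microsoft Graph application objects, e.g. the
# JSON from `az ad app list --all`. Names, IDs and dates are made up. The
# listing holds metadata only: keyId is the portal's "Secret ID", never the value.
SAMPLE_APPS = json.loads("""[
 {"displayName": "TARGIT login (example)", "passwordCredentials": [
   {"displayName": "login-2023", "keyId": "00000000-0000-0000-0000-00000000000a",
    "endDateTime": "2024-01-15T00:00:00Z"},
   {"displayName": "login-2024", "keyId": "00000000-0000-0000-0000-00000000000b",
    "endDateTime": "2024-07-10T00:00:00Z"}]},
 {"displayName": "TARGIT mail (example)", "passwordCredentials": [
   {"displayName": null, "keyId": "00000000-0000-0000-0000-00000000000c",
    "endDateTime": "2025-03-01T12:30:00.1234567Z"}]},
 {"displayName": "App without secrets (example)", "passwordCredentials": []}
]""")

def parse_graph_time(value):
    # Graph timestamps are UTC; keep "YYYY-MM-DDTHH:MM:SS" and drop the optional
    # fraction and "Z", which datetime.fromisoformat rejects before Python 3.11.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def secret_report(apps, now, warn_days=30):
    """Return (status, days_left, app, secret, key_id) rows, soonest expiry first."""
    rows = []
    for app in apps:
        for cred in app.get("passwordCredentials") or []:
            end = parse_graph_time(cred["endDateTime"])
            if end <= now:
                status = "EXPIRED"
            elif end - now <= timedelta(days=warn_days):
                status = "RENEW"
            else:
                status = "OK"
            rows.append((status, (end - now).days, app["displayName"],
                         cred.get("displayName") or "(no description)", cred["keyId"]))
    return sorted(rows, key=lambda r: r[1])

if __name__ == "__main__":
    for status, days, app, secret, key_id in secret_report(SAMPLE_APPS, datetime.now(timezone.utc)):
        print(f"{status:8} {days:6}d  {app} / {secret}  (Secret ID {key_id})")
```

Run on a schedule, a report like this shows both the secrets that need replacing soon and the expired ones that can be deleted once their replacement is in use.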

How to update an Entra ID Client Secret

1. Navigate to Microsoft Entra ID:

  • Sign in to the Azure portal (https://portal.azure.com).
  • In the left-hand menu, click on "Microsoft Entra ID" (formerly Azure Active Directory).

2. Go to App Registrations:

  • In the Microsoft Entra ID blade, under the "Manage" section, click on "App registrations".

3. Select Your Application:

  • Find and select the application for which you want to create a secret from the list of registered applications.

4. Access Certificates & Secrets:

  • In the application's overview blade, under the "Manage" section, click on "Certificates & secrets".

5. Create a New Client Secret:

  • In the "Client secrets" section, click on "+ New client secret".

6. Configure the Secret:

  • Description: Provide a descriptive name for your client secret. This helps in identifying the purpose of the secret later. For example, you might name it "Authentication for Web App" or "API Access Secret".
  • Expires: Choose the expiration duration for the secret from the dropdown menu. You can select from options like "6 months (Recommended)", "12 months", "24 months", or "Custom". Microsoft recommends setting an expiration value of less than 12 months for security reasons. Note that the maximum lifetime configurable through the Azure portal is typically 24 months.
  • Click "Add".

7. Copy and Secure the Secret Value:

  • Once the secret is created, it will appear in the "Client secrets" list.
  • Important: In the "Value" column, you will see the newly generated secret value. Copy this value immediately and store it in a secure location. This is the only time you will be able to see and copy the secret value. After you navigate away from this page, the value will be hidden and unretrievable.
  • The "Secret ID" (also known as the client secret ID) is also listed, which you might need for certain programmatic configurations, but it's the "Value" that acts as the actual secret.

8. Use the new Client Secret in TARGIT:

  • Open your TARGIT Management client.
  • Go to the setting where the new client secret is required, e.g., in Security and Configure identity providers, or in Setup, Alerts and Notifications.
  • Paste in the Client Secret that you stored in a secure location. If required, also paste in the new Client Secret ID.


Comments

  • Thanks. Great description. Maybe it should be specified that the expiration date can never be changed but a new client secret must always be created instead.

  • Hi Michael,

    I've clarified that expiration dates cannot be modified or extended. The only option is to create a new secret.

    Thank you.

    BR / Ole
