# Creating an Azure Client Secret

Creating a **client secret** for your Azure App Registration is a key step when setting up an application to authenticate using **OAuth 2.0** or for service-to-service communication. Here’s a step-by-step guide on how to **explicitly create a client secret** in Azure:

#### **Step-by-Step Guide to Create a Client Secret in Azure**

1. **Go to the Azure Portal**
   * Open the [Azure Portal](https://portal.azure.com/).
   * Sign in with your administrator or developer account.
2. **Navigate to Azure Active Directory**
   * In the left-hand menu, select **Azure Active Directory**.
3. **Select App Registrations**
   * Click on **App registrations** in the Azure Active Directory menu.
   * From the list, select the **app registration** for which you want to create a client secret.
   * Alternatively, if you haven’t created an app registration yet, click **New registration** to create one. See also [Prerequisites](https://docs.alemba.com/asm-hermes/setup-and-configure-asm/setting-up-your-system/setup-email/setting-up-incoming-and-outgoing-email/configuring-exchange-web-services-ews/prerequisites).
4. **Open the Certificates & Secrets Section**
   * On the left-hand menu of your selected app registration, click on **Certificates & secrets**.
5. **Create a New Client Secret**
   * Under the **Client secrets** section, click the **+ New client secret** button.
6. **Add a Description and Expiration Period**

   * **Description**: Provide a meaningful description for the client secret (e.g., `Service Client Secret` or `ASM EWS API Secret`).
   * **Expires**: Choose the expiration period for the secret:
     * **6 months**
     * **12 months**
     * **24 months**
     * **Never**

   Select an expiration period based on your security policies and the application’s requirements. Note that you’ll need to update the secret before it expires to ensure continuity of service.
7. **Click the Add Button**
   * After filling in the description and expiration period, click **Add** to create the client secret.
8. **Copy the Value of the Client Secret**
   * **Immediately after creation**, you’ll see the client secret listed in the **Value** column.
   * **Important**: **Copy the value** of the client secret **immediately**, as it will be hidden once you leave the page. This value will serve as your `client_secret` in your application code or configuration.
   * The copied secret value should look something like:

     ```
     kzklxypV3ExL~yz9kU3EXAMPLEjE6TQ30
     ```
9. **Store the Client Secret Securely**
   * Store the client secret securely, as you would with any sensitive information. Consider using a **Key Vault**, **secure environment variables**, or **configuration management tools** to keep the secret safe.
   * You will need this `client_secret` along with the **Application (client) ID** and **Tenant ID** to authenticate your app.

#### **Where Is the Client Secret Used?**

The `client_secret` is used together with the **Application (client) ID** and **Tenant ID** to obtain an **access token** from Azure AD, which your application then presents to authenticate. It is typically used in scenarios like:

1. **Service-to-service authentication** for APIs.
2. **Daemon applications** that access APIs in the background.
3. **Authorization Code Flow** in web applications that need to authenticate with Azure AD.
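
The following added example (not part of the original guide or of any product code) shows how the three values combine into an OAuth 2.0 client-credentials token request, with the secret read from the environment and masked before logging. The environment variable names and the Exchange Online scope are assumptions.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
ENV_NAMES = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")  # assumed names


def load_credentials(env=os.environ):
    """Read tenant ID, client ID and secret from the environment, never from source."""
    missing = [name for name in ENV_NAMES if not env.get(name)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return tuple(env[name] for name in ENV_NAMES)


def build_token_request(tenant_id, client_id, client_secret, scope):
    """Build the client-credentials POST; the secret goes in the form body only."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode("ascii")
    url = TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe=""))
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def redacted(request):
    """Return the form fields with the secret masked, safe to write to a log."""
    fields = {k: v[0] for k, v in urllib.parse.parse_qs(request.data.decode()).items()}
    fields["client_secret"] = "***"
    return fields


def fetch_token(request, timeout=10):
    """Send the request and return the access token (requires network access)."""
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response)["access_token"]


if __name__ == "__main__":
    # Assumed scope for Exchange Online (EWS); use the scope of the API you call.
    req = build_token_request(*load_credentials(), "https://outlook.office365.com/.default")
    print(redacted(req))
    print("access token length:", len(fetch_token(req)))
```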

#### **Managing and Rotating Client Secrets**

* **Regular Rotation**: For security, rotate client secrets periodically and update them in your application, so that a leaked secret stays usable only for a limited time.
* **Monitoring Expiration**: Keep track of the secret’s expiration date and ensure a new secret is created before the current one expires to avoid service interruptions.
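
One way to monitor expiration, as an added example that is not part of the original guide: the script below classifies each secret of an app registration as expired, due for rotation, long-lived or OK. It assumes the credential list was exported as JSON in the shape produced by `az ad app credential list --id <app-id>`; the sample data, the 30-day warning window and the status names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `az ad app credential list --id <app-id>`
# output (Graph passwordCredential objects). All names, IDs and dates are made up.
SAMPLE = """[
 {"displayName": "ASM EWS API Secret", "keyId": "00000000-0000-0000-0000-000000000001",
  "startDateTime": "2024-01-10T09:00:00Z", "endDateTime": "2024-07-10T09:00:00Z"},
 {"displayName": "old secret", "keyId": "00000000-0000-0000-0000-000000000002",
  "startDateTime": "2023-01-01T00:00:00Z", "endDateTime": "2024-01-01T00:00:00.1234567Z"},
 {"displayName": null, "keyId": "00000000-0000-0000-0000-000000000003",
  "startDateTime": "2024-03-01T00:00:00Z", "endDateTime": "2299-12-31T00:00:00Z"},
 {"displayName": "fresh secret", "keyId": "00000000-0000-0000-0000-000000000004",
  "startDateTime": "2024-06-01T00:00:00Z", "endDateTime": "2024-12-01T00:00:00Z"}
]"""


def parse_ts(value):
    """Parse a UTC timestamp, tolerating 'Z' and more than six fractional digits."""
    base, _, frac = value.rstrip("Z").partition(".")
    micro = int(frac[:6].ljust(6, "0")) if frac else 0
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micro, tzinfo=timezone.utc)


# max_lifetime_days=731 covers 24 months, the longest fixed period listed in step 6.
def audit(credentials, now, warn_days=30, max_lifetime_days=731):
    """Return (name, status, days_left) per secret, most urgent first."""
    findings = []
    for cred in credentials:
        name = cred.get("displayName") or cred["keyId"]
        start, end = parse_ts(cred["startDateTime"]), parse_ts(cred["endDateTime"])
        if end <= now:
            status = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            status = "ROTATE_NOW"
        elif end - start > timedelta(days=max_lifetime_days):
            status = "LONG_LIVED"
        else:
            status = "OK"
        findings.append((name, status, (end - now).days))
    return sorted(findings, key=lambda finding: finding[2])


if __name__ == "__main__":
    for row in audit(json.loads(SAMPLE), datetime.now(timezone.utc)):
        print(*row, sep="\t")
```

The listing contains only metadata such as names, key IDs and dates, never the secret values, so the report can be shared with the team that owns the rotation.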

#### **Deleting or Replacing an Existing Client Secret**

If you need to remove or replace a client secret:

1. Go to the **Certificates & secrets** section of your app registration.
2. Under **Client secrets**, find the secret you want to delete.
3. Click the **Delete** (trash can) icon next to the secret value.
4. Add a new client secret if needed by following the same steps.


