Creating an Azure Client Secret
Azure Application Registration
Creating a client secret for your Azure App Registration is a key step when setting up an application to authenticate using OAuth 2.0 or for service-to-service communication. Here’s a step-by-step guide on how to explicitly create a client secret in Azure:
Step-by-Step Guide to Create a Client Secret in Azure
Go to the Azure Portal
Open the Azure Portal.
Sign in with your administrator or developer account.
Navigate to Azure Active Directory
In the left-hand menu, select Azure Active Directory.
Select App Registrations
Click on App registrations in the Azure Active Directory menu.
From the list, select the app registration for which you want to create a client secret.
Alternatively, if you haven’t created an app registration yet, click on New registration to create one. See also Prerequisites
Open the Certificates & Secrets Section
On the left-hand menu of your selected app registration, click on Certificates & secrets.
Create a New Client Secret
Under the Client secrets section, click the + New client secret button.
Add a Description and Expiration Period
Description: Provide a meaningful description for the client secret (e.g., Service Client Secret or ASM EWS API Secret).
Expires: Choose the expiration period for the secret:
6 months
12 months
24 months
Never
Select an expiration period based on your security policies and the application’s requirements. Note that you’ll need to update the secret before it expires to ensure continuity of service.
Click the Add Button
After filling in the description and expiration period, click Add to create the client secret.
Copy the Value of the Client Secret
Immediately after creation, you’ll see the client secret listed in the Value column.
Important: Copy the value of the client secret immediately, as it will be hidden once you leave the page. This value will serve as your client_secret in your application code or configuration.
The copied secret value should look something like:
Store the Client Secret Securely
Store the client secret securely, as you would with any sensitive information. Consider using a Key Vault, secure environment variables, or configuration management tools to keep the secret safe.
You will need this client_secret along with the Application (client) ID and Tenant ID to authenticate your app.
Where Is the Client Secret Used?
The client_secret is used in conjunction with the Client ID (Application ID) and Tenant ID to obtain an access token from Azure AD for authenticating your application. It is typically used in scenarios like:
Service-to-service authentication for APIs.
Daemon applications that access APIs in the background.
Authorization Code Flow in web applications that need to authenticate with Azure AD.
Managing and Rotating Client Secrets
Regular Rotation: For security, periodically rotate client secrets and update them in your application to reduce the risk of credential leaks.
Monitoring Expiration: Keep track of the secret’s expiration date and ensure a new secret is created before the current one expires to avoid service interruptions.
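One way to automate the expiration tracking described above, as an added example that is not part of the original guide. It assumes you have exported the app registration as JSON in the shape of a Microsoft Graph application object (its passwordCredentials array with displayName, startDateTime and endDateTime); the sample data, the 30-day warning window and the lifetime threshold are constructed assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

WARN_WINDOW = timedelta(days=30)    # assumed rotation lead time
MAX_LIFETIME = timedelta(days=740)  # assumed policy: about 24 months plus slack

# Constructed sample shaped like a Microsoft Graph application object.
SAMPLE_APP = json.loads("""
{"appId": "00000000-0000-0000-0000-000000000000",
 "passwordCredentials": [
  {"displayName": "Service Client Secret",
   "startDateTime": "2024-01-10T09:00:00Z", "endDateTime": "2024-07-10T09:00:00Z"},
  {"displayName": "ASM EWS API Secret",
   "startDateTime": "2024-06-01T09:00:00Z", "endDateTime": "2025-06-01T09:00:00Z"},
  {"displayName": "old secret",
   "startDateTime": "2023-01-01T00:00:00Z", "endDateTime": "2024-01-01T00:00:00.1234567Z"},
  {"displayName": "long-lived secret",
   "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": "2299-12-31T00:00:00Z"}
 ]}
""")


def parse_graph_time(value):
    """Parse an ISO 8601 UTC timestamp, dropping fractional seconds."""
    value = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def classify_secrets(app, now):
    """Return (name, status, days_left) for each client secret on the app."""
    report = []
    for cred in app.get("passwordCredentials", []):
        start = parse_graph_time(cred["startDateTime"])
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            status = "expired"        # delete it from the app registration
        elif end - now <= WARN_WINDOW:
            status = "rotate-soon"    # create the replacement secret now
        elif end - start > MAX_LIFETIME:
            status = "long-lived"     # exceeds the assumed lifetime policy
        else:
            status = "ok"
        name = cred.get("displayName") or cred.get("keyId")
        report.append((name, status, (end - now).days))
    return report


if __name__ == "__main__":
    for row in classify_secrets(SAMPLE_APP, datetime(2024, 7, 1, tzinfo=timezone.utc)):
        print(row)
```

Run it on a schedule against each app registration and alert on anything that is not "ok"; the script only reads metadata and never needs the secret value itself.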
Deleting or Replacing an Existing Client Secret
If you need to remove or replace a client secret:
Go to the Certificates & secrets section of your app registration.
Under Client secrets, find the secret you want to delete.
Click the Delete (trash can) icon next to the secret value.
Add a new client secret if needed by following the same steps.