Secret Code

What is a Secret Code (Client Secret)?

A secret code, also called a client secret, is like a password that helps an app or service securely communicate with another service. It’s used behind the scenes by apps to prove their identity and gain access to things like your data, a database, or other resources without needing someone to manually sign in.

Think of it like a key that only your app has. This key ensures that when your app asks for permission to access information (like in Office 365 or Azure), the system knows it’s the right app making the request, not an imposter.

The secret code (or client secret) for an application typically needs to be renewed every 1 to 2 years, depending on how it was originally configured. When setting up or renewing a client secret in Azure Active Directory, you can choose from several expiration options:

  • 1 year

  • 2 years

  • Custom duration (you can specify a different length of time)

Once the client secret expires, the application that relies on it will no longer be able to authenticate, which could cause disruptions. That’s why it’s important to renew the secret before it expires and update any services or apps using it.

To avoid any downtime, it’s a good idea to keep track of expiration dates and set up reminders or notifications well in advance.

Follow the steps below to renew your secret code:

  1. Sign in to Azure Portal:

    • Go to the Azure Portal.

    • Log in using your Office 365 account that has administrative privileges.

  2. Navigate to Azure Active Directory (Azure AD):

    • In the left-hand menu, select Azure Active Directory.

    • If you don’t see it immediately, you can search for "Azure Active Directory" in the search bar at the top.

  3. Go to App Registrations:

    • Under Manage, select App registrations.

    • Locate and click on the application for which you want to renew the secret.

    • If the application isn't listed, ensure you're checking in the correct tenant or scope.

  4. Generate a New Client Secret:

    • In the application registration page, click on Certificates & Secrets from the left-hand menu.

    • Under the Client Secrets section, you’ll see any existing secrets listed, including their expiration dates.

    • Click + New client secret.

  5. Set the New Secret:

    • Provide a description for the new client secret (e.g., "Renewal Oct 2024").

    • Choose the duration for how long the secret will remain valid: 1 year, 2 years, or a custom duration.

    • Click Add.

  6. Copy the New Secret:

    • After the new client secret is generated, a value will be displayed.

    • Important: Copy this value and store it securely (e.g., in a password manager), as it will not be shown again once you leave the page.

  7. Update Applications with the New Secret:

    • If your application or service uses this client secret for authentication (e.g., for API access), update the application’s configuration with the new secret.

    • Failure to update the secret in your applications before the old one expires will cause authentication failures.

    • Paste the new secret value into Clearooms at https://portal.clearooms.com/settings/account/integrations/office365.

  8. Remove the Old Secret (Optional):

    • Once you've confirmed that the new secret is working, you can delete the old secret to avoid security risks. To do this, click on the ellipsis (...) next to the old secret and select Delete.
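
Added example (not part of the original article or any Clearooms tooling): one way to keep track of the expiration dates mentioned above and to spot old secrets that were never removed in step 8. It assumes your app registrations have been exported as JSON in the shape Microsoft Graph returns for application objects (passwordCredentials with endDateTime); the app names, key IDs, dates and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of Microsoft Graph application objects
# (GET /applications, fields displayName and passwordCredentials).
# The listing carries expiry metadata only, never the secret value itself.
SAMPLE = json.loads("""[
 {"displayName": "Room Booking Sync (example)", "passwordCredentials": [
   {"displayName": "Initial Oct 2022", "keyId": "k-old", "endDateTime": "2024-10-20T00:00:00Z"},
   {"displayName": "Renewal Oct 2024", "keyId": "k-new", "endDateTime": "2026-10-01T00:00:00Z"}]},
 {"displayName": "Reporting Job (example)", "passwordCredentials": [
   {"displayName": "Only secret", "keyId": "k-rep", "endDateTime": "2024-10-25T00:00:00.1234567Z"}]},
 {"displayName": "Legacy Connector (example)", "passwordCredentials": [
   {"displayName": null, "keyId": "k-leg", "endDateTime": "2024-09-01T00:00:00Z"}]}
]""")
SAMPLE_NOW = datetime(2024, 10, 5, tzinfo=timezone.utc)  # fixed "today" so the output is reproducible

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; fractional seconds are dropped."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_secrets(apps, now, warn_days=30):
    """Return (app, secret, status, days_left) tuples, soonest expiry first."""
    rows = []
    for app in apps:
        creds = [(c, parse_ts(c["endDateTime"])) for c in app.get("passwordCredentials") or []]
        latest = max((end for _, end in creds), default=None)
        for cred, end in creds:
            if end <= now:
                status = "EXPIRED"      # apps still using it can no longer authenticate
            elif end < latest:
                status = "SUPERSEDED"   # a newer secret exists: delete this one after cutover (step 8)
            elif end - now <= timedelta(days=warn_days):
                status = "EXPIRING"     # renew now, then update every consumer (step 7)
            else:
                status = "OK"
            name = cred.get("displayName") or cred["keyId"]  # descriptions are optional
            rows.append((app["displayName"], name, status, (end - now).days))
    return sorted(rows, key=lambda r: r[3])

if __name__ == "__main__":
    # In real use, pass datetime.now(timezone.utc) and your own export.
    for row in audit_secrets(SAMPLE, SAMPLE_NOW):
        print("%-28s %-18s %-10s %5d days" % row)
```

Run it on a schedule and alert on anything that is not OK; a SUPERSEDED entry means a renewal was done but the old secret is still valid and should be deleted once the new one is confirmed working.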