Renewing the Microsoft 365 SSO Secret

This article will walk you through the process of renewing the SSO secret used in the Microsoft 365 SSO integration.

Updated on July 27th, 2024

Not using SSO yet?

See our article Setup Microsoft 365 Single Sign-On (SSO) for more details on configuring the integration.

 

Help, I'm locked out!

If your secret has already expired, you may be locked out of the system. Please reach out to our support team and we will review the issue.

 

Key Lifetimes

While Microsoft does have backend ways of extending the key lifetime past the default maximum of 730 days, the best practice is to use the lowest possible lifetime for the secret. The maximum of 730 days prevents a secret key from staying active forever, while still giving a full 2 years before you need to renew it.
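Expiry can be caught before it causes the lockout described above. The following is an added example, not part of the original article or the vendor's tooling: it audits the passwordCredentials list of an app registration in the shape Microsoft Graph returns it, flagging secrets that are expired, close to expiry, or longer-lived than 730 days. The sample data is constructed, and the 30-day warning window and function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=730)  # default maximum lifetime cited in this article
WARN_WINDOW = timedelta(days=30)    # assumption: renew at least this far ahead

# Constructed sample shaped like the Microsoft Graph `application` resource.
# Graph lists secret metadata only; the secret value itself is never returned here.
SAMPLE_APP = {
    "displayName": "Phone system SSO (constructed)",
    "passwordCredentials": [
        {"displayName": "sso-2022", "startDateTime": "2022-08-01T00:00:00Z",
         "endDateTime": "2024-07-31T00:00:00Z"},
        {"displayName": "sso-2024", "startDateTime": "2024-07-27T00:00:00Z",
         "endDateTime": "2026-07-27T00:00:00Z"},
        {"displayName": "legacy-10y", "startDateTime": "2020-01-01T00:00:00Z",
         "endDateTime": "2030-01-01T00:00:00Z"},
    ],
}

def parse_utc(ts):
    """Parse a Graph UTC timestamp, ignoring any fractional seconds."""
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_secrets(app, now):
    """Return one finding per client secret on the app registration."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        start, end = parse_utc(cred["startDateTime"]), parse_utc(cred["endDateTime"])
        if end <= now:
            status = "EXPIRED"
        elif end - now <= WARN_WINDOW:
            status = "RENEW_NOW"
        else:
            status = "OK"
        findings.append({
            "name": cred.get("displayName"),
            "status": status,
            "days_left": (end - now).days,
            "over_max_lifetime": end - start > MAX_LIFETIME,
        })
    return findings

def needs_action(findings):
    """Names of secrets that are expired, expiring soon, or longer-lived than 730 days."""
    return [f["name"] for f in findings if f["status"] != "OK" or f["over_max_lifetime"]]

if __name__ == "__main__":
    for finding in audit_secrets(SAMPLE_APP, datetime.now(timezone.utc)):
        print(finding)
```

During a renewal the old and new secrets coexist on the app registration, so expect the old one to keep appearing in the findings until it expires or is deleted.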

Creating the Secret

  1. Go to your Entra Admin portal. This is the Identity option under Admin centers in the Microsoft 365 Admin Portal. If you can't see it, you may need to click Show All first.
  2. On the left under Identity go to Applications > App registrations.
  3. Go to Certificates & Secrets on the left-hand side.
  4. Click on the New client secret button.
  5. In the Description text box, input a description. 
  6. In the Expires drop-down, select the 24 months option.
  7. Click the Add button.
  8. Copy the Client Secret Value. 

Renewing in the Control portal

  1. Log in to the bvoip phone system.
  2. Go to System > Microsoft 365 on the left-hand side.
  3. Edit the SSO record in question using the Edit button on the right.
  4. Replace your Application (client) Secret value with the one you have copied.
  5. Press Save to save the changes.
  6. Validate that you can still log in via SSO properly.