LucidLink Single Sign-On (SSO): Azure AD SSO Filespace Certificate & Secret Renewal

  • Updated

Target audience: Filespace administrators


This article is part of the LucidLink Single Sign-On (SSO): "Just-in-Time" Provisioning for Users and Groups series of articles.


Part of Azure AD's just-in-time SSO application requires that the secret is periodically rotated and renewed.

Microsoft recommends six months. LucidLink, therefore, recommends their default value. However, it's possible for an organization to determine its own expiration period, based on the organization's security policies and best practices. 

Regardless of what expiration period is ultimately chosen, you will eventually need to update your secret. This article outlines a simple process for the client secret value renewal. 


1. Within the Azure AD app, navigate to App registrations > LucidLink > Certificates & secrets.


2. Click on New client secret to add a new secret.


3. Select the desired expiration of the client secret. 


Once the secret expires, group-based access granting will stop working properly in the LucidLink Filespace, therefore, you will need to re-configure the secret before it expires to avoid degraded functionality.

4. Click Add.


5. Copy the client secret Value


Client secret values cannot be viewed, except for immediately after creation. Be sure to save the secret when created before leaving the page.

6. Enter a command-prompt or Terminal session as a LucidLink root user and type the following command with your updated client secret <value>.

lucid config --set --global --Sso.ClientSecret "value"

❗️Please make sure that you enclose the client secret in quotation marks.

Was this article helpful?

1 out of 1 found this helpful