Target audience: Filespace administrators
This article is part of the LucidLink Single Sign-On (SSO): "Just-in-Time" Provisioning for Users and Groups series of articles.
Azure AD's just-in-time SSO application requires that the client secret be periodically rotated and renewed.
Microsoft recommends six months, and LucidLink therefore recommends keeping that default value. However, an organization can set its own expiration period based on its security policies and best practices.
Regardless of which expiration period you choose, you will eventually need to update your secret. This article outlines a simple process for renewing the client secret value.
1. Within the Azure AD app, navigate to App registrations > LucidLink > Certificates & secrets.
2. Click on New client secret to add a new secret.
3. Select the desired expiration of the client secret.
Important: Once the secret expires, group-based access granting will stop working properly in the LucidLink Filespace. To avoid degraded functionality, re-configure the secret before it expires.
4. Click Add.
5. Copy the client secret Value.
Important: Client secret values cannot be viewed, except for immediately after creation. Be sure to save the secret when created before leaving the page.
6. Open a command prompt or Terminal session as a LucidLink root user and run the following command, replacing <value> with your updated client secret.
lucid config --set --global --Sso.ClientSecret <value>
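
An added example, not part of the LucidLink article or LucidLink tooling: a Python check that flags when the app's client secrets are close to expiry, so the renewal above happens before group-based access degrades. It assumes the credential list has been exported as JSON in the Microsoft Graph passwordCredentials shape (displayName, keyId, endDateTime); the sample data, the 30-day warning window and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the Microsoft Graph passwordCredentials shape
# (assumption: exported from the LucidLink app registration as JSON).
SAMPLE = """[
  {"displayName": "lucidlink-sso-old",
   "keyId": "00000000-0000-0000-0000-000000000001",
   "endDateTime": "2024-07-10T09:00:00Z"},
  {"displayName": "lucidlink-sso-new",
   "keyId": "00000000-0000-0000-0000-000000000002",
   "endDateTime": "2024-12-20T09:00:00.1234567Z"}
]"""


def parse_ts(value):
    # Keep only YYYY-MM-DDTHH:MM:SS; this drops "Z" and fractional seconds.
    # Timestamps are treated as UTC.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(
        tzinfo=timezone.utc)


def secret_status(creds, now, warn_days=30):
    """Return (name, state, days_left) per secret; state is
    'expired', 'expiring' (inside the warning window) or 'ok'."""
    report = []
    for cred in creds:
        remaining = parse_ts(cred["endDateTime"]) - now
        if remaining.total_seconds() <= 0:
            state = "expired"
        elif remaining.days < warn_days:
            state = "expiring"
        else:
            state = "ok"
        name = cred.get("displayName") or cred["keyId"]
        report.append((name, state, remaining.days))
    return report


def rotation_needed(report):
    # Rotation is due when no secret remains outside the warning window.
    return not any(state == "ok" for _, state, _ in report)


if __name__ == "__main__":
    result = secret_status(json.loads(SAMPLE), datetime.now(timezone.utc))
    for name, state, days in result:
        print(f"{name}: {state} ({days} days)")
    print("rotate now" if rotation_needed(result) else "no action needed")
```
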