LucidLink Single Sign-On (SSO): Azure AD SSO Filespace Certificate & Secret Renewal

David Bull

Target audience: Filespace administrators

 

This article is part of the LucidLink Single Sign-On (SSO): "Just-in-Time" Provisioning for Users and Groups series of articles.

 

The Azure AD application used for just-in-time SSO requires that its client secret be periodically rotated and renewed.

Microsoft recommends six months, and LucidLink therefore recommends that default value. However, an organization can determine its own expiration period based on its security policies and best practices.

Regardless of which expiration period is chosen, you will eventually need to update your secret. This article outlines a simple process for renewing the client secret value.

 

1. Within the Azure AD app, navigate to App registrations > LucidLink > Certificates & secrets.



2. Click on New client secret to add a new secret.



3. Select the desired expiration of the client secret. 


 

Important: Once the secret expires, group-based access granting will stop working properly in the LucidLink Filespace. Re-configure the secret before it expires to avoid degraded functionality.

4. Click Add.


5. Copy the client secret Value.


Important: Client secret values can only be viewed immediately after creation. Be sure to save the secret before leaving the page.

6. Open a command prompt or Terminal session as a LucidLink root user and run the following command, replacing <value> with your updated client secret.

lucid config --set --global --Sso.ClientSecret <value>
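
The note in step 3 says the secret must be re-configured before it expires. The Python sketch below is an added example, not LucidLink or Microsoft code: it flags client secrets that are expired or close to expiry from a credential metadata listing. The sample JSON, display names, key IDs, 30-day threshold and function names are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like Microsoft Graph passwordCredentials metadata
# (assumed source: `az ad app credential list --id <app-id>`). No secret values.
SAMPLE = """[
 {"displayName": "lucidlink-2023", "keyId": "00000000-0000-0000-0000-000000000001",
  "endDateTime": "2024-01-10T09:30:00Z"},
 {"displayName": "lucidlink-2024", "keyId": "00000000-0000-0000-0000-000000000002",
  "endDateTime": "2024-07-01T09:30:00.1234567Z"},
 {"displayName": "lucidlink-old", "keyId": "00000000-0000-0000-0000-000000000003",
  "endDateTime": "2023-06-01T00:00:00Z"}
]"""

def parse_graph_time(value):
    """Parse a UTC 'Z' timestamp; fractional seconds (up to 7 digits) are dropped."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def check_secrets(credentials_json, now, warn_days=30):
    """Return (displayName, keyId, whole_days_left, status) tuples, soonest expiry first."""
    report = []
    for cred in json.loads(credentials_json):
        remaining = parse_graph_time(cred["endDateTime"]) - now
        if remaining.total_seconds() <= 0:
            status = "EXPIRED"
        elif remaining.days < warn_days:
            status = "RENEW_SOON"
        else:
            status = "OK"
        report.append((cred.get("displayName"), cred["keyId"], remaining.days, status))
    return sorted(report, key=lambda row: row[2])

def exit_code(report):
    """2 if any secret has expired, 1 if any needs renewal soon, else 0 (for cron/monitoring)."""
    statuses = {row[3] for row in report}
    return 2 if "EXPIRED" in statuses else 1 if "RENEW_SOON" in statuses else 0

if __name__ == "__main__":
    rows = check_secrets(SAMPLE, datetime.now(timezone.utc))
    for name, key_id, days, status in rows:
        print(f"{status:<10} {days:>5}d  {name}  ({key_id})")
    raise SystemExit(exit_code(rows))
```

Run from a scheduler with the real listing in place of the sample, a non-zero exit status signals that the renewal steps above are due.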
