...
The workflow automates the detection and cleanup of expired Azure secrets and certificates. Removing these invalid credentials from Azure and EmpowerID keeps the system clean, secure, and in sync.
...
Cross-Tenant Credential Scan
The workflow retrieves client secrets and certificates from every Azure tenant configured in EmpowerID.
It gathers metadata for all credentials associated with each application across these tenants.
Expiration Check
Each discovered secret or certificate is evaluated against its expiration date.
Any credential found to be expired is flagged for removal.
Azure Removal
If a credential is expired, the workflow attempts to delete it in Azure.
If Azure confirms the deletion, the process moves to removal in EmpowerID.
Deletion in EmpowerID
Once the credential is deleted in Azure, the workflow removes EmpowerID’s corresponding external credential record.
This ensures that EmpowerID accurately reflects the current state of credentials.
Notifications
An email notifies the application owners and the credential owners for each expired credential removed.
If multiple credentials in a single application are expired, each credential triggers a separate notification.
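The sequence above, sketched as an added example (not EmpowerID's own workflow code): the local record is removed only after the Azure deletion is confirmed, and each removed credential produces its own notification. The sample data is constructed and shaped like Microsoft Graph application objects; `delete_in_azure`, `delete_local_record` and `notify` are hypothetical callables standing in for the Azure call, the EmpowerID record removal and the email step.

```python
from datetime import datetime, timezone

# Constructed sample: applications per tenant, shaped like Microsoft Graph
# application objects (passwordCredentials / keyCredentials with keyId, endDateTime).
SAMPLE_TENANTS = {
    "tenant-a": [{
        "id": "app-1", "displayName": "Payroll API",
        "passwordCredentials": [
            {"keyId": "s-1", "endDateTime": "2023-01-01T00:00:00Z"},
            {"keyId": "s-2", "endDateTime": "2999-01-01T00:00:00Z"}],
        "keyCredentials": [{"keyId": "c-1", "endDateTime": "2022-06-30T00:00:00Z"}],
    }],
    "tenant-b": [{
        "id": "app-2", "displayName": "Reporting",
        "passwordCredentials": [{"keyId": "s-3", "endDateTime": "2021-03-15T12:00:00Z"}],
        "keyCredentials": [],
    }],
}

def find_expired(tenants, now):
    """Yield (tenant, app_id, kind, key_id) for each credential past endDateTime."""
    for tenant, apps in tenants.items():
        for app in apps:
            for kind, field in (("secret", "passwordCredentials"),
                                ("certificate", "keyCredentials")):
                for cred in app.get(field, []):
                    end = datetime.fromisoformat(
                        cred["endDateTime"].replace("Z", "+00:00"))
                    if end <= now:
                        yield tenant, app["id"], kind, cred["keyId"]

def cleanup(tenants, now, delete_in_azure, delete_local_record, notify):
    """Run the gated sequence; return (removed, skipped) lists of key ids."""
    removed, skipped = [], []
    for tenant, app_id, kind, key_id in find_expired(tenants, now):
        # Gate: the local record is touched only after Azure confirms deletion,
        # so a failed Azure call never leaves a live credential untracked.
        if not delete_in_azure(tenant, app_id, kind, key_id):
            skipped.append(key_id)
            continue
        delete_local_record(tenant, app_id, key_id)
        notify(tenant, app_id, kind, key_id)  # one notification per credential
        removed.append(key_id)
    return removed, skipped
```

Credentials left in `skipped` remain present in both systems and are picked up again on the next run of this sketch.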
...