If your organization integrates applications with Azure AD, you can manage those applications in EmpowerID, including creating new client secrets for those applications. The workflow used to create client secrets is the CreateAzureAppClientSecret workflow. This workflow has a number of parameters that you can configure to alter the fields that appear when creating client secrets. In this article, you configure the workflow parameters for your environment and then create a client secret for an application integrated with your Azure AD tenant.
Configure workflow parameters
The workflow for creating Azure app client secrets is CreateAzureAppClientSecret. The workflow has several parameters that affect field values. These parameters are listed in the table below. In this example, you set the DefaultAzureTenantID parameter to the Azure tenant with the applications for which you want to create secrets.
To configure workflow parameters for your needs, do the following:
On the navbar, expand Object Administration and select Workflows.
Select the Workflow tab and search for Create Azure App Client Secret.
Click the Display Name for the workflow.
On the Workflow Details page for the workflow, expand the Request Workflow Parameters accordion and click the edit button for the DefaultAzureTenantID parameter.
Enter the Azure Tenant ID in the Value field and click Save.
Configure any other settings as needed.
Create a client secret for an application
Navigate to the Resource Admin application portal for your environment.
Select Applications from the dropdown menu and then click the Workflows tab.
Click the Create Azure Application Client Secret card.
This opens the Create Azure Application Client Secret wizard, which assists you with creating an Azure application client secret.
Select the Azure tenant where the target application is hosted.
Select the application.
Click Next.
Enter the following information:
Secret Name – Name of the secret
Secret Description – Description of the secret
Secret Expiration – Select an expiration date for the secret
Select Location – Select a location for the secret in EmpowerID. Default Organization is selected by default; if you wish to change this, click the Default Organization link and then search for and choose the desired location from the Location tree
Vault this credential – Select this option to store the secret in EmpowerID
Enable sharing – Select this option to allow others to request access to the secret; if this option is not selected, users cannot view or perform any actions against the secret in EmpowerID
Client Secret Owner – Search for and select an EmpowerID Person to be the owner of the secret. This is internal to EmpowerID and has no meaning in Azure; however, the field is bound to people who have accounts in the specified Azure tenant.
Click Next.
Review the information and click Submit.
You should see the client secret you just created for the application. If desired, copy the client secret and store it in a secure location.
Click Submit to exit the wizard.
Verify the secret in Azure
In your Azure tenant, navigate to Azure AD > App registrations.
Search for the application with the secret you created in EmpowerID and click the Display Name link for it.
Under Manage, select Certificates & secrets.
You should see the new secret.
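The same verification can be scripted. The Python below is an added example, not EmpowerID or Microsoft code: it inspects the `passwordCredentials` array of a Microsoft Graph application object, confirms that a secret with the expected name exists and is not expired, and reports the expiry state of every secret on the application. The sample JSON, the secret names, the key IDs and the 30-day warning threshold are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of a Microsoft Graph application object (GET /applications/{id}).
# Only the fields used here are shown; every value is a placeholder.
SAMPLE_APP = json.loads("""
{
  "displayName": "example-app",
  "passwordCredentials": [
    {"displayName": "empowerid-created", "keyId": "00000000-0000-0000-0000-000000000001",
     "hint": "abc", "startDateTime": "2024-01-10T00:00:00Z", "endDateTime": "2024-07-10T00:00:00Z"},
    {"displayName": "legacy", "keyId": "00000000-0000-0000-0000-000000000002",
     "hint": "xyz", "startDateTime": "2021-03-01T00:00:00.1234567Z", "endDateTime": "2023-03-01T00:00:00.1234567Z"}
  ]
}
""")


def _ts(value):
    # Graph returns ISO 8601 UTC timestamps; drop the trailing "Z" and any fractional seconds.
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit_secrets(app, expected_name, now, warn_days=30):
    """Return (found, findings): whether expected_name is present and unexpired,
    plus a (name, keyId, status) tuple for every secret on the application."""
    findings, found = [], False
    for cred in app.get("passwordCredentials", []):
        end = _ts(cred["endDateTime"])
        if end <= now:
            status = "expired"
        elif end - now <= timedelta(days=warn_days):
            status = "expiring-soon"
        else:
            status = "valid"
        name = cred.get("displayName") or "(unnamed)"
        findings.append((name, cred["keyId"], status))
        if name == expected_name and status != "expired":
            found = True
    return found, findings


if __name__ == "__main__":
    now = datetime(2024, 6, 20, tzinfo=timezone.utc)  # fixed "now" so the run is reproducible
    ok, rows = audit_secrets(SAMPLE_APP, "empowerid-created", now)
    for name, key_id, status in rows:
        print(f"{name:20} {key_id} {status}")
    print("expected secret present and unexpired:", ok)
```

Microsoft Graph returns only a short hint for an existing secret, never its value, so a check like this confirms presence and expiry but cannot recover a secret that was not copied or vaulted at creation time.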
View the secret in EmpowerID
If you chose to vault the secret in EmpowerID, the secret owner can view the secret and share it with others as needed.
On the navbar, expand Privileged Access and select Shared Credentials.
Select the All Shared Credentials tab and then search for the client secret you created.
You should see the record for the secret.