Rotate the client secret of the SSO application

Minimize the risk of unauthorized access or misuse of secrets

Read time 1 minute

Last updated a month ago

Important

To enable single sign-on (SSO) with Unity Virtual Private Cloud, the recommended practice is to establish a procedure to rotate the client secret of the application that you have created in the enterprise identity provider (IdP). For Microsoft Entra ID, the maximum secret lifetime is two years, so you must handle its expiration anyway.

To rotate the client secret, complete these steps:

In the enterprise IdP, add a new secret to the client.
In Keycloak, replace the secret in the IdP configuration, and then verify that SSO works.
In the enterprise IdP, delete the previous client secret.

Note

This secret isn't stored in the solution key vault.

Next steps

Configure the user experience

Documentation

Engine

Services

Grow

Industry

Support

Unity Cloud

Get Started

Creator SDKs and Services

Unity Cloud

Rotate the client secret of the SSO application

Next steps