Rotate the client secret of the SSO application

Minimize the risk of unauthorized access or misuse of secrets
Read time: 1 minute. Last updated: 5 days ago

Important
To enable single sign-on (SSO) with Unity Virtual Private Cloud, the recommended practice is to establish a procedure to rotate the client secret of the application that you have created in the enterprise identity provider (IdP). For Microsoft Entra ID, the maximum secret lifetime is two years, so you must handle its expiration anyway.
To rotate the client secret, complete these steps:
  1. In the enterprise IdP, add a new secret to the client.
  2. In Keycloak, replace the secret in the IdP configuration, and then verify that SSO works.
  3. In the enterprise IdP, delete the previous client secret.
This secret isn't stored in the solution key vault.
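The following is an added example, not part of the Unity documentation: a small Python check that maps an application's current client secrets to the next step of the rotation above, so an old secret is never deleted before a newer one exists. It assumes the secrets are exported as JSON in the shape of the Microsoft Graph `passwordCredentials` list (`keyId`, `endDateTime`); the function name `plan_rotation`, the action labels, the 30-day warning window, and the sample data are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like the passwordCredentials list of an Entra ID app.
SAMPLE = json.loads("""[
  {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "sso-old",
   "endDateTime": "2025-03-01T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "sso-new",
   "endDateTime": "2027-02-01T00:00:00Z"}
]""")


def _end(cred):
    # Timestamps are UTC; drop any fractional seconds before parsing.
    raw = cred["endDateTime"][:19]
    return datetime.strptime(raw, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def plan_rotation(credentials, now, warn_days=30):
    """Map the current secrets of one app to the next step of the rotation."""
    horizon = now + timedelta(days=warn_days)
    fresh = [c for c in credentials if _end(c) > horizon]
    stale = [c["keyId"] for c in credentials if _end(c) <= horizon]
    if not fresh:
        # Step 1: no secret outlives the warning window, so add one first.
        # Nothing is listed for deletion until a replacement exists.
        return {"action": "add_new_secret", "delete": []}
    if stale:
        # Steps 2-3: point Keycloak at the fresh secret, verify SSO,
        # and only then delete the expired or soon-to-expire ones.
        return {"action": "update_keycloak_then_delete", "delete": stale}
    return {"action": "none", "delete": []}


if __name__ == "__main__":
    now = datetime(2025, 2, 15, tzinfo=timezone.utc)
    print(plan_rotation(SAMPLE, now))
```

Because the secret in use by Keycloak is not stored in the solution key vault, the check cannot tell which secret Keycloak currently holds; the SSO verification in step 2 remains a manual gate before any deletion.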

Next steps

Configure the user experience