MoreCore Platform
Admin Tasks
Update App Registration Secret
MOR-PROC-035 Version 1 Last Review Date: Feb, 2025

Update App Registration Secret

Overview

In the App Service Environment Variables the following values are stored:

  • AzureAdClientID
  • AzureADClientSecret The AzureADClientSecret field contains a secret key generated in an Entra ID App Registration, allowing secure access of the app to the Entra ID environment. If the Secret in the App Registration expires, the authentication process into the the platform will fail with the following error:

Access Denied An error occurred when trying to create a controller of type 'UsersController'. Make sure that the controller has a parameterless public constructor.

Note: In the past, Secret expiries could be set to any future value, such as 100 years in the future, effectively meaning that no update would be required. This looks to have changed now and the maximum that can be set is two years.

Links

EnviroKey Expiration DateApp Service LinkApp Registration Link
Prod31/12/2299https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/Overview/appId/b6218d8e-6db7-4438-af92-63e592eb2345/isMSAApp~/false (opens in a new tab)
Demo17/2/2027https://portal.azure.com/#@cbcgroup.com.au/resource/subscriptions/e89e4cf9-5904-400a-9af4-531dd7b774bd/resourceGroups/CMMS-DEMO-AUSE/providers/Microsoft.Web/sites/cmms-demo/appServices (opens in a new tab)https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/Overview/appId/f9c3113b-aab7-4e6e-a1eb-38519f359e35/isMSAApp~/false (opens in a new tab)
Dev (Post)
Test18/2/2027https://portal.azure.com/#@cbcgroup.com.au/resource/subscriptions/e89e4cf9-5904-400a-9af4-531dd7b774bd/resourceGroups/CMMS-TEST/providers/Microsoft.Web/sites/pmms-ause-test/appServices (opens in a new tab)https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/Overview/appId/f9cbb824-9764-48ce-8dff-908cca5271d5/isMSAApp~/false (opens in a new tab)

Update Steps

Regenerate Secret

Access Azure Portal
Find App Registration
  • Navigate to Entra ID
  • Click 'App Registrations'
  • Click the appropriate App Registration (match the AzureADClientID to the client ID of the App Registration)
Create a new Secret
  • Click 'Manage'
  • Click 'Certificates & Secrets'
  • Click 'New client secret'
  • In the popup, set the description to the environment name, and expiry to two years
  • Click 'Add'
  • Click 'Confirm'
  • Note the client value (copy this immediately as it cannot be viewed later)

Update App Services

Access Azure Portal
Access App Service
Update client value
  • Click 'Settings'
  • Click 'Environment Variables'
  • Click 'AzureADClientSecret'
  • Update the Value field with the new secret value from step 1
  • Click 'Apply' on the pop-up
  • Click 'Apply' on the Environment Settings pane
Repeat these steps for second App Service for the environment

Restart the application

  • Restart both App Services associated with the environment. Allow around 5 minutes for the restart to complete.
Update SSL CertificateUpdates