How to update expiring Azure API token within ZTNA

Article ID: 420483

Products

Symantec ZTNA

Issue/Introduction

A ZTNA admin configured the Azure Identity Provider using the documented steps.

The API keys initially provisioned are valid for 6 months but will expire soon.

The admin wants to avoid any user impact and make changes before the API key expires.

Can I extend the key or do I need to create a new key, or do I need to create a new Azure Identity Provider again?

Environment

ZTNA.

Azure Identity Provider.

Cause

When registering a confidential client application in Microsoft Entra, one must define an expiration date for the client secret, and that date will eventually be reached.

Resolution

Updating the client secret does not require creating a new Entra Identity Provider. It only requires generating a new client secret on the Microsoft Entra side and copying the newly created secret value into the existing ZTNA Azure Identity Provider application.

Specifically:

  • Go to the Entra Portal and carry out steps 5-7 of the following documentation, saving the new secret to the clipboard.
  • Go to the ZTNA Admin Portal and edit the existing Entra Identity Provider.
    • Paste the new secret generated from the Entra Portal above into the Application key field highlighted in yellow below.



Once done, have a user log in again to the ZTNA Portal using Azure and confirm that everything works as expected.
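To catch the next expiry before users are affected, the following added example (not part of the original article and not Symantec or Microsoft code) flags client secrets that are expired or close to expiring. It assumes the input is the app registration's `passwordCredentials` array as returned by Microsoft Graph or by `az ad app credential list --id <app-id>`; the sample data, the function names and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of an app registration's passwordCredentials array
# (field names as in Microsoft Graph; all values are made up).
SAMPLE = json.dumps([
    {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "ztna-old",
     "endDateTime": "2025-01-10T09:30:00.1234567Z"},
    {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "ztna-new",
     "endDateTime": "2025-07-01T00:00:00Z"},
    {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": None,
     "endDateTime": "2024-12-01T00:00:00Z"},
])

def parse_graph_time(value):
    """Parse a Graph UTC timestamp; fractions may carry 7 digits, so trim to 6."""
    main, _, frac = value.rstrip("Z").partition(".")
    stamp = datetime.strptime(main, "%Y-%m-%dT%H:%M:%S")
    micro = int(frac[:6].ljust(6, "0")) if frac else 0
    return stamp.replace(microsecond=micro, tzinfo=timezone.utc)

def classify_secrets(credentials_json, now, warn_days=30):
    """Return (status, name, days_left) per secret, soonest expiry first."""
    rows = []
    for cred in json.loads(credentials_json):
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now) // timedelta(days=1)  # whole days, floored
        if end <= now:
            status = "EXPIRED"
        elif days_left < warn_days:
            status = "ROTATE"   # generate a new secret and update ZTNA now
        else:
            status = "OK"
        # Secrets created without a description have no displayName.
        rows.append((status, cred.get("displayName") or cred["keyId"], days_left))
    return sorted(rows, key=lambda row: row[2])

if __name__ == "__main__":
    now = datetime(2024, 12, 20, tzinfo=timezone.utc)  # fixed date for the sample
    for status, name, days in classify_secrets(SAMPLE, now):
        print(f"{status:8} {name:40} {days:5d} days")
```

An `OK` secret in Entra only protects sign-in once its value has been pasted into the Application key field of the existing ZTNA identity provider, as described in the steps above.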