Versions Compared

Old Version 1

changes.mady.by.user Knowledge Assistant

Saved on

compared with

New Version Current

changes.mady.by.user Knowledge Assistant

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel
borderColor#03396c
titleColorWhite
titleBGColor#03396c
titleDescription of Issue

Okta 400 Bad request Invalid_Social_Token Received for all Users, No User Can LoginA new client secret needs to be generated for the Microsoft Azure/Entra ID integration with Okta for Tyler Identity Workforce.

Panel
borderColor#03396c
titleColorWhite
titleBGColor#03396c
titleContext
  • OKTA
  • TID-W
  • ADFS
  • EERP
Panel
borderColor#03396c
titleColorWhite
titleBGColor#03396c
titleCause

Expiration of Client Secret or a domain name change causes client secret failure and the error above

To renew the Client Secret in Azure AD portal, follow these steps:
Panel
borderColor#03396c
titleColorWhite
titleBGColor#03396c
titleResolution
1. Note: Client secret values cannot be viewed, except for immediately after creation. Be sure to save the Client Secret value
  1. Sign in to
the Microsoft Azure portal.

2. Navigate to Azure Active Directory > App registrations > Owned applications.

3. Select the application.

4.  Certificate & secrets > Client secrets > New client secret.

5. Give a description and an expiration for the Client’s Secret.

 Note: The maximum Client Secret expiration date is 24 months. Even if you select the Custom option, the maximum is 2 years. But with PowerShell, there is no maximum, and you can set any date.

6. Copy the value.

  1. Microsoft Entra admin center (renamed from Azure Active Directory)
  2. Expand the left side menu
  3. Expand Identity > Applications > clickApp registrations
  4. Click Owned applications tab
  5. Find name: TylerIdentityWorkforceIntegration
  6. Click on Certificates & secrets in the navigation bar
  7. Select the Client Secrets tab
  8. Click the + New client secret button
  9. In the Add a client secret pop-up window, enter the following:
    1. Description: TylerIdentityWorkforceIntegration
    2. Expires: 730 days (24 months).
      1. Note: While Tyler recommends setting the expiration period as long as possible to reduce the need to reconfigure your federation in TID-W when the secret expires, always consult your own internal security posture for the best recommendation.
    3. Click the Add button when finished
  10. Ensure you are returned to the Certificates and Secrets section with the Client secrets tab selected
  11. Copy the Client Secret Value and save it
    1. Note: Client Secret values cannot be viewed except immediately after creation. Remember to save the secret when created before leaving the page.
7. Upload a .txt file of the Client Secret to your Kiteworks folder and notify the technician on your support case that it is available to be updated.
  1. Once the secret is obtained, it needs to be updated in Admin Center for TID-W
    1. Update OIDC Client Secret Only in Admin Center
    2. If secret is expired and you are an Okta Admin Center org admin, you can contact support for a reestablish federation link
      1. How to renew expired certificate or secret using Reestablish Federation
Panel
borderColor#03396c
titleColorWhite
titleBGColor#03396c
titleAdditional Information

https://learn.microsoft.com/en-us/entra/identity/monitoring-health/recommendation-renew-expiring-application-credential