Description of Issue

A new certificate client secret needs to be generated for the Microsoft Azure/Entra ID integration with Okta for Tyler Identity Workforce.

All users receive the error 400 Bad request Invalid_Social_Token, and no user can log in.

Context
  • OKTA
  • TID-W
  • ADFS
  • EERP
Cause

Expiration of the client secret, or a domain name change, causes the client secret to fail and produces the error above.

Resolution

Azure AD
  1. Sign in to the Microsoft Azure portal. Navigate to Microsoft Entra admin center (renamed from Azure Active Directory) > App registrations > Owned applications
  2. Select the application
  3. Certificates & secrets > Client secrets > New client secret
  4. Enter a description and an expiration for the client secret
    1. Note: The maximum Client Secret expiration date is 24 months. Even if you select the Custom option, the maximum is 2 years. But with PowerShell, there is no maximum, and you can set any date.
  5. Copy the value
    1. Note: Client secret values cannot be viewed, except for immediately after creation. Be sure to save the Client Secret value when created before leaving the page.
  6. If the secret is not yet expired, Update OIDC Client Secret Only in Admin Center

Entra ID

https://learn.microsoft.com/en-us/entra/identity/monitoring-health/recommendation-renew-expiring-application-credential

  1. Sign in to Microsoft Entra admin center
  2. Click Identity > Applications > )
  3. Expand the left side menu
  4. Expand Identity > Applications > click App registrations
  5. Click Owned applications tab
  6. Find name: TylerIdentityWorkforceIntegration
  7. Click on Certificates & secrets in the navigation bar
  8. Select the Client Secrets tab
  9. Click the + New client secret button
  10. In the Add a client secret pop-up window, enter the following:
    1. Description: TylerIdentityWorkforceIntegration
    2. Expires: 730 days (24 months).
      1. Note: While Tyler recommends setting the expiration period as long as possible to reduce the need to reconfigure your federation in TID-W when the secret expires, always consult your own internal security posture for the best recommendation.
    3. Click the Add button when finished
  11. Ensure you are returned to the Certificates and Secrets section with the Client secrets tab selected
  12. Copy the Client Secret Value and save it
    1. Note: Client Secret values cannot be viewed except immediately after creation. Remember to save the secret when created before leaving the page.
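
An added example, not part of the original article and not Tyler's or Microsoft's own tooling: a Microsoft Graph PowerShell script that reports the days remaining on each client secret of the app registration and, with -Renew, adds a replacement with an explicit end date before the old one lapses. It assumes the Microsoft.Graph.Applications module is installed; the parameter names and the 30-day warning threshold are assumptions for illustration.

```powershell
#Requires -Modules Microsoft.Graph.Applications
# Added example (not from the original article). Parameter names and the
# 30-day threshold are assumptions; the app name comes from the steps above.
param(
    [string]$AppName = 'TylerIdentityWorkforceIntegration',
    [int]$WarnDays   = 30,    # warn when no secret outlives this window
    [int]$ValidDays  = 730,   # lifetime of a replacement secret (24 months)
    [switch]$Renew            # add a replacement secret when one is due
)

# Least privilege: read-only unless a new secret will be written.
$scope = if ($Renew) { 'Application.ReadWrite.All' } else { 'Application.Read.All' }
Connect-MgGraph -Scopes $scope | Out-Null

$apps = @(Get-MgApplication -Filter "displayName eq '$AppName'")
if ($apps.Count -ne 1) {
    throw "Expected exactly one app registration named '$AppName', found $($apps.Count)."
}
$app = $apps[0]
$now = (Get-Date).ToUniversalTime()

# One row per existing client secret; the secret values themselves are never returned.
$report = foreach ($cred in $app.PasswordCredentials) {
    [pscustomobject]@{
        KeyId       = $cred.KeyId
        Description = $cred.DisplayName
        Expires     = $cred.EndDateTime
        DaysLeft    = [math]::Floor(($cred.EndDateTime.ToUniversalTime() - $now).TotalDays)
    }
}
$report | Sort-Object DaysLeft | Format-Table -AutoSize | Out-Host

if ($report | Where-Object { $_.DaysLeft -gt $WarnDays }) {
    Write-Host "OK: at least one secret is valid for more than $WarnDays days."
    return
}
Write-Warning "No secret on '$AppName' is valid for more than $WarnDays days."

if ($Renew) {
    $new = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
        displayName = $AppName
        endDateTime = $now.AddDays($ValidDays)
    }
    Write-Host "Added secret $($new.KeyId), expires $($new.EndDateTime)."
    # SecretText is returned only by this call. It is the script's sole pipeline
    # output so the caller can capture it without echoing it to the console.
    $new.SecretText
}
```

Run without -Renew on a schedule to catch an approaching expiry before it causes the Invalid_Social_Token outage. Adding a secret does not remove the existing one, so the old value keeps working until its own expiry while the new value is updated in Admin Center.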

Additional Information
  1. Once the secret is obtained, it needs to be updated in Admin Center for TID-W
    1. Update OIDC Client Secret Only in Admin Center
    2. If the secret is expired and you are an Okta Admin Center org admin, you can contact support for a reestablish federation link
       Upload a .txt file with the Client Secret Value to your Kiteworks folder and notify the technician on your support case that it is available to be updated
      1. How to renew expired certificate or secret using Reestablish Federation