Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Description of Issue

A new certificate needs to be generated for the Microsoft Azure/Entra ID integration with Okta for Tyler Identity Workforce.

400 Bad request Invalid_Social_Token Received for all Users, No User Can Login

Context
  • OKTA
  • TID-W
  • ADFS
  • EERP
Cause

Expiration of Client Secret or a domain name change causes client secret failure and the error above

Resolution

Azure AD

  1. Sign in to the Microsoft Azure portal
  2. Navigate to Azure Active Directory > App registrations > Owned applications
  3. Select the application
  4. Certificate & secrets > Client secrets > New client secret
  5. Give a description and an expiration for the Client’s Secret
    1. Note: The maximum Client Secret expiration date is 24 months. Even if you select the Custom option, the maximum is 2 years. But with PowerShell, there is no maximum, and you can set any date
  6. Copy the value
    1. Note: Client secret values cannot be viewed, except for immediately after creation. Be sure to save the Client Secret value when created before leaving the page
  7. If secret is not yet expired, Update OIDC Client Secret Only in Admin Center


Entra ID

https://learn.microsoft.com/en-us/entra/identity/monitoring-health/recommendation-renew-expiring-application-credential

  1. Sign in to Microsoft Entra admin center
  2. Click Identity > Applications > App registrations
  3. Click Owned applications tab
  4. Find name: TylerIdentityWorkforceIntegration
  5. Click on Certificates & secrets in the navigation bar
  6. Select the Client Secrets tab
  7. Click the + New client secret button
  8. In the Add a client secret pop-up window, enter the following:
    1. Description: TylerIdentityWorkforceIntegration
    2. Expires: 730 days (24 months).
      1. Note: While Tyler recommends setting the expiration period as long as possible to reduce the need to reconfigure your federation in TID-W when the secret expires, always consult your own internal security posture for the best recommendation.
    3. Click the Add button when finished
  9. Ensure you are returned to the Certificates and Secrets section with the Client secrets tab selected
  10. Copy the Client Secret Value and save it
    1. Note: Client Secret values cannot be viewed except immediately after creation. Remember to save the secret when created before leaving the page.
Additional Information
  • If secret is expired and you are an org admin, can contact support for a reestablish federation link
  • Upload a .txt file with the Client Secret Value to your Kiteworks folder and notify the technician on your support case that it is available to be updated





  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.