Description of Issue
A new certificate needs to be generated for the Microsoft Azure/Entra ID integration with Okta for Tyler Identity Workforce.
Context
- OKTA
- TID-W
- ADFS
- EERP
Cause
Expiration of Client Secret or a domain name change causes client secret failure
Resolution
- Sign in to Microsoft Entra admin center (replaced the Microsoft Azure portal)
- Click Identity > Applications > App registrations
- Click Owned applications tab
- Find name: TylerIdentityWorkforceIntegration
- Click on Certificates & secrets in the navigation bar
- Select the Client Secrets tab
- Click the + New client secret button
- In the Add a client secret pop-up window, enter the following:
- Description: TylerIdentityWorkforceIntegration
- Expires: 730 days (24 months).
- Note: While Tyler recommends setting the expiration period as long as possible to reduce the need to reconfigure your federation in TID-W when the secret expires, always consult your own internal security posture for the best recommendation.
- Click the Add button when finished
- Ensure you are returned to the Certificates and Secrets section with the Client secrets tab selected
- Copy the Client Secret Value and save it
- Note: Client Secret values cannot be viewed except immediately after creation. Remember to save the secret when created before leaving the page.
Additional Information
- https://learn.microsoft.com/en-us/entra/identity/monitoring-health/recommendation-renew-expiring-application-credential
- If secret is expired and you are an Okta Admin Center org admin, you can contact support for a reestablish federation link
0 Comments