Description of Issue
A new certificate (client secret) needs to be generated for the Microsoft Azure/Entra ID integration with Okta for Tyler Identity Workforce.
Error: 400 Bad Request, Invalid_Social_Token, received for all users; no user can log in.
Context
- OKTA
- TID-W
- ADFS
- EERP
Cause
Expiration of the client secret, or a domain name change, causes client secret validation to fail and produces the error above.
Resolution
Azure AD
- Sign in to the Microsoft Azure portal
- Navigate to Azure Active Directory > App registrations > Owned applications
- Select the application
- Certificates & secrets > Client secrets > New client secret
- Give a description and an expiration for the client secret
- Note: The maximum client secret expiration in the portal is 24 months. Even if you select the Custom option, the maximum is 2 years. With PowerShell there is no maximum, and you can set any date
- Copy the value
- Note: Client secret values cannot be viewed except immediately after creation. Be sure to save the client secret value when it is created, before leaving the page
- If the secret has not yet expired, only the OIDC client secret needs to be updated, in Admin Center
Entra ID
- Sign in to Microsoft Entra admin center
- Click Identity > Applications > App registrations
- Click Owned applications tab
- Find name: TylerIdentityWorkforceIntegration
- Click on Certificates & secrets in the navigation bar
- Select the Client Secrets tab
- Click the + New client secret button
- In the Add a client secret pop-up window, enter the following:
- Description: TylerIdentityWorkforceIntegration
- Expires: 730 days (24 months).
- Note: While Tyler recommends setting the expiration period as long as possible, to reduce how often the federation in TID-W has to be reconfigured when the secret expires, always consult your own internal security posture for the best recommendation.
- Click the Add button when finished
- Ensure you are returned to the Certificates and Secrets section with the Client secrets tab selected
- Copy the Client Secret Value and save it
- Note: Client secret values cannot be viewed except immediately after creation. Remember to save the secret when it is created, before leaving the page.
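The same rotation can be done from the command line, which is also the way to catch the expiry before it causes the login failure above. The following Microsoft Graph PowerShell script is an added example and not part of this article or of Tyler's tooling: it looks up the TylerIdentityWorkforceIntegration app registration named on this page, prints every existing client secret with the days it has left (an expired one shows a negative number), creates a new secret with the same 24-month lifetime the portal steps use, and writes the value to a .txt file that only the current user can read, ready to be uploaded to Kiteworks as described below. The module name, the `Application.ReadWrite.All` scope and the output file name are assumptions; adjust them to your tenant.

```powershell
# Added example (not from the KB article): rotate the client secret for the
# TylerIdentityWorkforceIntegration app registration with Microsoft Graph
# PowerShell, and list every secret's expiry so an upcoming expiration is
# caught before logins fail. Assumes the Microsoft.Graph.Applications module
# is installed and the signed-in account can consent to Application.ReadWrite.All.
# $ExpiryMonths = 24 matches the 730-day value in the portal steps above.

param(
    [string]$AppDisplayName = 'TylerIdentityWorkforceIntegration',
    [int]$ExpiryMonths = 24,
    [string]$OutFile = '.\TylerIdentityWorkforceIntegration-secret.txt'   # assumed name
)

Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Resolve the app registration by display name; stop if none or several match.
$app = Get-MgApplication -Filter "displayName eq '$AppDisplayName'"
if (@($app).Count -ne 1) {
    throw "Expected exactly one app registration named '$AppDisplayName', found $(@($app).Count)."
}

# Report the secrets that already exist and how long each has left.
# A negative DaysLeft is the expired secret behind the Invalid_Social_Token error.
$now = (Get-Date).ToUniversalTime()
$app.PasswordCredentials | ForEach-Object {
    [pscustomobject]@{
        Description = $_.DisplayName
        KeyId       = $_.KeyId
        Expires     = $_.EndDateTime
        DaysLeft    = [int]($_.EndDateTime - $now).TotalDays
    }
} | Format-Table -AutoSize

# Create the new secret. Graph returns the value only in this response.
$credential = @{
    DisplayName   = $AppDisplayName
    StartDateTime = $now
    EndDateTime   = $now.AddMonths($ExpiryMonths)
}
$newSecret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential $credential

# Save the value immediately and restrict the file to the current user
# before it is uploaded to Kiteworks; delete it once TID-W has been updated.
Set-Content -Path $OutFile -Value $newSecret.SecretText -NoNewline
$acl = Get-Acl -Path $OutFile
$acl.SetAccessRuleProtection($true, $false)      # drop inherited permissions
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
$acl.SetAccessRule($rule)
Set-Acl -Path $OutFile -AclObject $acl

Write-Host "New secret '$($newSecret.DisplayName)' (KeyId $($newSecret.KeyId)) expires $($newSecret.EndDateTime)."
Write-Host "Value written to $OutFile; update it in TID-W Admin Center, then delete the file."
```

The expiry listing is the part worth running on a schedule: the error in this article only appears after the secret has lapsed, so alerting on any secret with fewer than, say, 30 days left is what turns this from an outage into a planned rotation. The script does not delete the old secret; remove it from Certificates & secrets once TID-W is confirmed working with the new value.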
Additional Information
- If the secret has already expired and you are an org admin, you can contact support for a link to re-establish the federation
- Upload a .txt file containing the client secret value to your Kiteworks folder and notify the technician on your support case that it is available to be updated