Skip to main content

Credentials enable confidential applications to identify themselves to the authentication service when receiving tokens at a web addressable location (using an HTTPS scheme). For a higher level of assurance, Microsoft recommend using a certificate (instead of a client secret) as a credential.

I don't rule out Microsoft supporting only certificates in the future. Therefore, development in this area does not seem to me to be a wasted investment.

 

For the Universal GUI, we use Identity Provider "Azure" where IAM is linked based on Client ID and Client secret. Because "Client secrets" have an expiration date it would be nice to use a certificate instead of client secret ID.

Expires in 730 days (24 months)​​​

 

 

 

NewOpen

I would like to bring my previously submitted idea to your attention again, especially because the Microsoft Azure - Integration assistant identifies this configuration as "Recommended configurations - Action required."

Microsoft identity platform application authentication certificate credentials

Use certificate credentials instead of password credentials (client secrets).

Is this something that has your attention or does it really depend on the number of votes?