When you create a Client Secret in the Azure AD portal, its expiration date is at most 2 years away. But we don't want to keep track of it and renew the Client Secret every 2 years. What if we could create a Client Secret with an unlimited expiration date? In this article, you will learn how to create an unlimited Client Secret in Azure AD with PowerShell.
Client Secret in Azure AD
Credentials allow your application to authenticate itself, requiring no interaction from a user at runtime. Because it is easy to use, we will add a Client Secret as credentials to an app registration.
There are two ways to create a Client Secret for an application:
- Client Secret in Azure AD valid for a maximum of 24 months
- Client Secret with PowerShell valid for unlimited time
If you already have a Client Secret for an application in Azure AD and need to renew it, then you don’t need to create a new one in Azure AD. You can use the PowerShell script to create an unlimited Client Secret.
Register an application in Azure AD
To register an application in Azure AD, follow these steps:
- Sign in to Microsoft Azure
- Click Menu > Azure Active Directory

- Click App registrations
- Click New registration

- Name your application Unlimited
- Select Accounts in this organizational directory only – (Single tenant)
- Click Register

You will get a notification stating Successfully created an application, and it will show the application Unlimited overview.
- Copy the Object ID and paste it into Notepad, as you will need it later with PowerShell when creating an unlimited Client Secret

Create a Client Secret for application in Azure AD
To create a Client Secret for your application in Azure AD, follow these steps:
- Click on Certificates & secrets
- Click Client secrets > New client secret
- Type the description
- Select an expiration date
- Click Add
Note: The Client Secret expiration date has a maximum of 24 months (2 years). You can’t choose a longer expiration period in Azure AD when you create or renew a Client Secret. This is only possible with PowerShell, where you can set an unlimited expiration date.

- Copy the Client Secret Value and save it
Note: Client secret values cannot be viewed except immediately after creation. Remember to save the secret when created before leaving the page.

Create unlimited Client Secret for application with PowerShell
Once you have created an app registration, you can create a Client Secret with PowerShell and set an unlimited expiration date.
Note: You must install the Azure Active Directory PowerShell Module.
Follow the steps below to create an unlimited Client Secret with PowerShell:
- Open PowerShell ISE as administrator
- Copy the script below and paste it into PowerShell ISE
- Paste the Object ID you copied earlier on line 2
- Fill in the Client Secret Description you created earlier on line 3
- Type the number of expiration years on line 4
# Parameters
$AppObjectID = "bb32d329-b30c-4b4b-97cb-17de0768541c"
$AppSecretDescription = "Unlimited"
$AppYears = "50"
# Connect to AzureAD
Connect-AzureAD
# Add App Client Secret - Valid for 50 years (change to 999 for unlimited years)
$StartDate = Get-Date
$EndDate = $StartDate.AddYears($AppYears)
$AppClientSecret = New-AzureADApplicationPasswordCredential -ObjectId $AppObjectID -StartDate $StartDate -EndDate $EndDate -CustomKeyIdentifier $AppSecretDescription
# Write Client Secret value
Write-Host $AppClientSecret.Value
- Run the PowerShell script and sign in with your global administrator credentials

The PowerShell output shows the Client Secret value.
ov607HSo/xiOxQZh99emJt0SUaqxmIN/fua/rYAbxUw=
Account Environment TenantId TenantDomain AccountType
------- ----------- -------- ------------ -----------
msadmin@m365info.com AzureCloud a2ff010e-0e03-4c56-8863-2ae7f07876dd m365info.com User
- Copy the Client Secret Value and save it
Note: Client secret values cannot be viewed except immediately after creation. Remember to save the secret before you close the PowerShell window.
- Go to your application in Azure
- Click on Certificates & secrets > Client secrets
- Delete the Client Secret that is going to expire
You can see that your new Client Secret is added and expires after 50 years.

You successfully configured a Client Secret for an application in Microsoft Azure that never expires!
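To confirm the expiration dates from PowerShell instead of the portal, the following added example (not part of the original article) lists every client secret whose lifetime exceeds the portal's 24-month maximum. The function name Get-LongLivedClientSecret, the zeroed GUIDs and the sample objects are constructed for illustration; the function reads the PasswordCredentials property of the objects returned by Get-AzureADApplication.

```powershell
# Added example (not from the original article).
function Get-LongLivedClientSecret {
    [CmdletBinding()]
    param(
        # Application objects, e.g. from Get-AzureADApplication -All $true
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Application,
        # Longest accepted lifetime in months (24 = portal maximum)
        [int]$MaxMonths = 24
    )
    process {
        foreach ($Cred in $Application.PasswordCredentials) {
            if ($null -eq $Cred.EndDate) { continue }
            # Fall back to the current date when no start date is recorded
            $Start = if ($Cred.StartDate) { [datetime]$Cred.StartDate } else { Get-Date }
            $End = [datetime]$Cred.EndDate
            # Report the secret when it ends later than StartDate + MaxMonths
            if ($End -gt $Start.AddMonths($MaxMonths)) {
                [pscustomobject]@{
                    DisplayName = $Application.DisplayName
                    ObjectId    = $Application.ObjectId
                    KeyId       = $Cred.KeyId
                    StartDate   = $Start
                    EndDate     = $End
                    Years       = [math]::Round(($End - $Start).TotalDays / 365.25, 1)
                }
            }
        }
    }
}

# Constructed sample data so the function can be tried offline
$Now = Get-Date
$Sample = @(
    [pscustomobject]@{
        DisplayName = 'Unlimited'; ObjectId = '00000000-0000-0000-0000-000000000001'
        PasswordCredentials = @(
            [pscustomobject]@{ KeyId = '00000000-0000-0000-0000-0000000000a1'; StartDate = $Now; EndDate = $Now.AddYears(50) }
            [pscustomobject]@{ KeyId = '00000000-0000-0000-0000-0000000000a2'; StartDate = $Now; EndDate = $Now.AddMonths(12) }
        )
    }
)
# Only the 50-year secret is listed; the 12-month secret is within the limit
$Sample | Get-LongLivedClientSecret | Format-Table DisplayName, KeyId, EndDate, Years

# Against the tenant, after Connect-AzureAD:
# Get-AzureADApplication -All $true | Get-LongLivedClientSecret
```

The KeyId in the output is the value that Remove-AzureADApplicationPasswordCredential expects together with the application's ObjectId when an old secret has to be deleted from PowerShell.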
Conclusion
You learned how to create an unlimited Client Secret in Azure AD with PowerShell. First, create a new Client Secret in Azure AD. Next, use the Object ID and paste it into the PowerShell script with an expiration year of your choice. From now on, it is no longer necessary to renew the Client Secret as there is no expiration date.