
Client Secret support for Microsoft 365 connector

Note: This enhancement is available with IT Asset Management.

In a frequently-requested enhancement, the Microsoft 365 connector configured on your preferred inventory beacon can now use a client secret, rather than a session token, for authorizing its requests for inventory data.

Tip: This enhancement requires that your relevant inventory beacon is upgraded to FlexNet Beacon version 17.0.0 or later. Once upgraded, FlexNet Beacon supports switching your existing token-based authentication to authentication using a client secret, using the same process as for a new connection.

The client secret configuration is only available when you choose to configure your own single-tenant 'app' in Azure AD, where it is a standard configuration supported by Microsoft for an application (in this case, the connector) that needs to authenticate as itself without user interaction or consent. You will need global administrator permissions in the Azure portal to initially configure the client secret, and you can select the period (between 3 months and 2 years) that the client secret should remain valid, to suit the administrative processes in your enterprise. Of course, shortly before your client secret expires, you should generate a replacement.

Once the Azure portal provides your client secret, you must immediately copy it into a secure location (perhaps a spreadsheet saved securely), along with your chosen expiry date – because as soon as you change pages in the Azure portal, your client secret is hidden forever!

On the inventory beacon side, configuration is as simple as choosing the new Authenticating Flow setting for Client Credentials, and then pasting the supplied client secret into the Client Secret field that appears. The updated connector continues to run on your existing schedule and to return all expected data.
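Because the connector stops authenticating once its client secret expires, the expiry date is worth checking on a schedule rather than from memory. The following is an added example, not part of the product or its documentation: it reads the `passwordCredentials` metadata of the app registration (as exposed on the Microsoft Graph application object) and flags secrets that have expired or are due for replacement. The sample data, key IDs, display names and the 30-day warning window are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the passwordCredentials array of a Microsoft
# Graph application object. Only metadata is present, never the secret value.
SAMPLE_APP = json.loads("""
{
  "displayName": "m365-connector-app (constructed)",
  "passwordCredentials": [
    {"displayName": "beacon-2025", "keyId": "00000000-0000-0000-0000-000000000003",
     "endDateTime": "2027-05-30T00:00:00Z"},
    {"displayName": "beacon-2023", "keyId": "00000000-0000-0000-0000-000000000001",
     "endDateTime": "2025-05-15T00:00:00Z"},
    {"displayName": "beacon-2024", "keyId": "00000000-0000-0000-0000-000000000002",
     "endDateTime": "2025-06-20T08:30:00.1234567Z"}
  ]
}
""")


def parse_graph_time(value):
    """Parse a UTC timestamp with optional fractional seconds (up to 7 digits)."""
    base, _, frac = value.rstrip("Z").partition(".")
    parsed = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    micro = int(frac[:6].ljust(6, "0")) if frac else 0
    return parsed.replace(microsecond=micro, tzinfo=timezone.utc)


def secret_status(app, now, warn_days=30):
    """Return (displayName, keyId, days_left, state) per secret, soonest expiry first."""
    rows = []
    for cred in app.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            state = "EXPIRED"   # connector requests will already be failing
        elif days_left <= warn_days:
            state = "ROTATE"    # generate a replacement and update the beacon
        else:
            state = "OK"
        rows.append((cred.get("displayName"), cred["keyId"], days_left, state))
    return sorted(rows, key=lambda row: row[2])


if __name__ == "__main__":
    for name, key_id, days, state in secret_status(SAMPLE_APP, datetime.now(timezone.utc)):
        print(f"{state:8} {days:5d}d  {name}  keyId={key_id}")
```

The check needs only the expiry metadata, so the account that runs it does not need access to wherever the secret value itself is stored.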