10/09/2024 07:55 PM
Hello,
Is there any option to receive notification prior to Azure AD Client Secret expiry?
10/09/2024 08:05 PM - edited 10/09/2024 10:44 PM
Here are some options:
Example using Microsoft Graph API:
You can then compare the expiration date to the current date and trigger a notification if the secret is set to expire soon.
You can use a PowerShell script to automate the process of checking for expiring client secrets. This script can run on a schedule and send an email or other alerts when a secret is nearing expiration.
Sample PowerShell snippet:
$appId = "your-app-id"
$secrets = (Get-AzADApplication -ApplicationId $appId).PasswordCredentials
foreach ($secret in $secrets) {
    # Microsoft Graph based Az.Resources versions expose the expiry as EndDateTime
    $expiryDate = $secret.EndDateTime
    if ($expiryDate -lt (Get-Date).AddDays(30)) {
        # Send an alert (e.g., email notification)
        Write-Host "Client Secret expiring on $expiryDate"
    }
}
You can set this script up in an Azure Automation runbook to execute periodically.
Azure Monitor with Log Analytics can be configured to track client secret expirations and send alerts.
Steps:
Some third-party cloud monitoring tools like Datadog, PagerDuty, or Splunk offer integrations with Azure and can be configured to monitor client secrets, certificates, and other Azure resources for expiration.
If you're storing secrets in Azure Key Vault, you can set up Key Vault Event Grid notifications to alert you when secrets are about to expire.
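The date comparison the reply above describes for the Microsoft Graph option, as an added example that is not part of the original reply. It goes slightly further than the reply's snippet by covering certificate credentials (`keyCredentials`) and already-expired entries across several applications. The JSON is constructed sample data shaped like a Graph `GET /applications` response, and `ConvertTo-UtcDate` and `Get-ExpiringCredential` are hypothetical helper names.

```powershell
# Added example, not from the original post. The JSON is constructed sample data
# shaped like a Microsoft Graph "list applications" response; ids are placeholders.
$sampleJson = @'
{ "value": [
  { "appId": "00000000-0000-0000-0000-000000000001", "displayName": "sample-app-a",
    "passwordCredentials": [
      { "keyId": "aaaaaaaa-0000-0000-0000-000000000001", "displayName": "ci-secret", "endDateTime": "2024-10-20T00:00:00Z" },
      { "keyId": "aaaaaaaa-0000-0000-0000-000000000002", "displayName": "old-secret", "endDateTime": "2024-09-01T00:00:00Z" } ],
    "keyCredentials": [] },
  { "appId": "00000000-0000-0000-0000-000000000002", "displayName": "sample-app-b",
    "passwordCredentials": [
      { "keyId": "bbbbbbbb-0000-0000-0000-000000000001", "displayName": "prod-secret", "endDateTime": "2025-06-01T00:00:00Z" } ],
    "keyCredentials": [
      { "keyId": "bbbbbbbb-0000-0000-0000-000000000002", "displayName": "signing-cert", "endDateTime": "2024-11-05T12:00:00Z" } ] }
] }
'@

function ConvertTo-UtcDate($Value) {
    # PowerShell 7 parses ISO 8601 strings into [datetime]; Windows PowerShell 5.1 leaves strings.
    if ($Value -is [datetime]) { return $Value.ToUniversalTime() }
    $styles = [Globalization.DateTimeStyles]::AssumeUniversal -bor [Globalization.DateTimeStyles]::AdjustToUniversal
    return [datetime]::Parse([string]$Value, [cultureinfo]::InvariantCulture, $styles)
}

function Get-ExpiringCredential {
    param([Parameter(Mandatory)] [object[]] $Application,
          [int] $ThresholdDays = 30,
          [datetime] $Now = [datetime]::UtcNow)
    foreach ($app in $Application) {
        foreach ($kind in 'passwordCredentials', 'keyCredentials') {
            foreach ($cred in @($app.$kind)) {
                if ($null -eq $cred -or -not $cred.endDateTime) { continue }  # skip entries without an expiry
                $end  = ConvertTo-UtcDate $cred.endDateTime
                $days = [math]::Floor(($end - $Now).TotalDays)
                if ($days -ge $ThresholdDays) { continue }                    # not due yet
                [pscustomobject]@{
                    App = $app.displayName; AppId = $app.appId; Kind = $kind
                    Name = $cred.displayName; KeyId = $cred.keyId; EndUtc = $end; DaysLeft = $days
                    Status = if ($days -lt 0) { 'Expired' } else { 'ExpiringSoon' }
                }
            }
        }
    }
}

# Fixed reference time so the sample run is reproducible; omit -Now in real use.
$now  = [datetime]::new(2024, 10, 9, 0, 0, 0, [DateTimeKind]::Utc)
$apps = ($sampleJson | ConvertFrom-Json).value
Get-ExpiringCredential -Application $apps -ThresholdDays 30 -Now $now | Format-Table App, Kind, Name, DaysLeft, Status
```

The function only reads `keyId`, `displayName` and `endDateTime`, so it never needs the secret values themselves; the objects it returns can be handed to whatever alerting step the scheduled job uses.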
10/09/2024 10:36 PM
@IDAM09 I believe Azure also provides a way which notifies you when a secret expires.