
Create unlimited Client Secret in Azure AD

A Client Secret has an expiration date of up to 2 years when you create it from the Azure AD portal. But we don’t want to take care of it and renew the Client Secret every 2 years. What if we could create a Client Secret with an unlimited expiration date? In this article, you will learn how to create an unlimited Client Secret in Azure AD with PowerShell.

Client Secret in Azure AD

Credentials allow your application to authenticate itself, requiring no interaction from a user at runtime. Because it is easy to use, we will add a Client Secret as credentials to an app registration.

There are two ways to create a Client Secret for an application:

  1. Client Secret in Azure AD valid for a maximum of 24 months
  2. Client Secret with PowerShell valid for unlimited time

If you already have a Client Secret for an application in Azure AD and need to renew it, then you don’t need to create a new one in Azure AD. You can use the PowerShell script to create an unlimited Client Secret.

Register an application in Azure AD

To register an application in Azure AD, follow these steps:

  1. Sign in to Microsoft Azure
  2. Click Menu > Azure Active Directory
  3. Click App registrations
  4. Click New registration
  5. Name your application Unlimited
  6. Select Accounts in this organizational directory only – (Single tenant)
  7. Click Register

You will get a notification stating Successfully created an application, and it will show the application Unlimited overview.

  1. Copy the Object ID and paste it into Notepad, as you will need it later with PowerShell when creating an unlimited Client Secret

Create a Client Secret for application in Azure AD

To create a Client Secret for your application in Azure AD, follow these steps:

  1. Click on Certificates & secrets
  2. Click Client secrets > New client secret
  3. Type the description
  4. Select an expiration date
  5. Click Add

Note: The Client Secret expiration date has a maximum of 24 months (2 years). You can’t choose a longer expiration period in Azure AD when you create or renew a Client Secret. This is only possible with PowerShell, where you can set an unlimited expiration date.

  1. Copy the Client Secret Value and save it

Note: Client secret values cannot be viewed except immediately after creation. Remember to save the secret when created before leaving the page.


Create unlimited Client Secret for application with PowerShell

Once you have created an app registration, you can create a Client Secret and set its expiration date to unlimited with PowerShell.

Note: You must install the Azure Active Directory PowerShell Module.

Follow the steps below to create an unlimited Client Secret with PowerShell:

  1. Open PowerShell ISE as administrator
  2. Copy the below script and paste it into PowerShell ISE
  3. Paste the Object ID you copied earlier on line 2
  4. Fill in the Client Secret Description you created earlier on line 3
  5. Type the number of expiration years on line 4
# Parameters
$AppObjectID = "bb32d329-b30c-4b4b-97cb-17de0768541c"
$AppSecretDescription = "Unlimited"
$AppYears = "50"

# Connect to AzureAD
Connect-AzureAD

# Add App Client Secret - Valid for 50 years (change to 999 for unlimited years)
$StartDate = Get-Date
$EndDate = $StartDate.AddYears($AppYears)
$AppClientSecret = New-AzureADApplicationPasswordCredential -ObjectId $AppObjectID -StartDate $StartDate -EndDate $EndDate -CustomKeyIdentifier $AppSecretDescription

# Write Client Secret value
Write-Host $AppClientSecret.Value
  1. Run the PowerShell script and sign in with your global administrator credentials

The PowerShell output shows the Client Secret value.

ov607HSo/xiOxQZh99emJt0SUaqxmIN/fua/rYAbxUw=
Account              Environment TenantId                             TenantDomain AccountType
-------              ----------- --------                             ------------ -----------
msadmin@m365info.com AzureCloud  a2ff010e-0e03-4c56-8863-2ae7f07876dd m365info.com User       
  1. Copy the Client Secret Value and save it

Note: Client secret values cannot be viewed except immediately after creation. Remember to save the secret before you close the PowerShell window.

  1. Go to your application in Azure
  2. Click on Certificates & secrets > Client secrets
  3. Delete the Client Secret that is going to expire

You can see that your new Client Secret is added and expires after 50 years.


You successfully configured a Client Secret for an application in Microsoft Azure that never expires!
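
To inventory secrets created this way, the following added example (not part of the original article) reports every client secret whose lifetime exceeds the portal's 24-month maximum. Find-LongLivedSecret, $MaxMonths and the sample objects are illustrative assumptions, as is decoding CustomKeyIdentifier as UTF-8.

```powershell
# Added example: report client secrets that outlive the portal's 24-month maximum.
# Find-LongLivedSecret and $MaxMonths are illustrative names, not AzureAD module cmdlets.
function Find-LongLivedSecret {
    [CmdletBinding()]
    param(
        # Application objects shaped like the output of Get-AzureADApplication
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Application,
        # Longest lifetime the portal offers, in months
        [int]$MaxMonths = 24
    )
    process {
        foreach ($cred in $Application.PasswordCredentials) {
            if ($null -eq $cred.EndDate) { continue }   # nothing to compare against
            # StartDate can be empty; fall back to today so the check still runs
            $start = if ($cred.StartDate) { [datetime]$cred.StartDate } else { Get-Date }
            $end   = [datetime]$cred.EndDate
            if ($end -le $start.AddMonths($MaxMonths)) { continue }
            # Assumption: the description is stored as UTF-8 bytes; adjust if it looks garbled
            $label = ''
            if ($null -ne $cred.CustomKeyIdentifier) {
                $label = [System.Text.Encoding]::UTF8.GetString([byte[]]$cred.CustomKeyIdentifier)
            }
            [pscustomobject]@{
                DisplayName = $Application.DisplayName
                ObjectId    = $Application.ObjectId
                KeyId       = $cred.KeyId
                Description = $label
                EndDate     = $end
                YearsLeft   = [math]::Round(($end - (Get-Date)).TotalDays / 365.25, 1)
            }
        }
    }
}

# Constructed sample input standing in for: Get-AzureADApplication -All $true
$now = Get-Date
$sample = @(
    [pscustomobject]@{ DisplayName = 'Unlimited'; ObjectId = '00000000-0000-0000-0000-000000000001'
        PasswordCredentials = @(
            [pscustomobject]@{ KeyId = [guid]::NewGuid(); StartDate = $now; EndDate = $now.AddYears(50)
                CustomKeyIdentifier = [System.Text.Encoding]::UTF8.GetBytes('Unlimited') }) },
    [pscustomobject]@{ DisplayName = 'PortalApp'; ObjectId = '00000000-0000-0000-0000-000000000002'
        PasswordCredentials = @(
            [pscustomobject]@{ KeyId = [guid]::NewGuid(); StartDate = $now; EndDate = $now.AddMonths(24)
                CustomKeyIdentifier = $null }) }
)
$sample | Find-LongLivedSecret | Format-Table DisplayName, Description, EndDate, YearsLeft
```

Against a tenant, run Connect-AzureAD first and pipe Get-AzureADApplication -All $true into Find-LongLivedSecret instead of the sample objects.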


Conclusion

You learned how to create an unlimited Client Secret in Azure AD with PowerShell. First, create a new Client Secret in Azure AD. Next, use the Object ID and paste it into the PowerShell script with an expiration year of your choice. From now on, it is no longer necessary to renew the Client Secret as there is no expiration date.


The o365info Team


This article was written by our team of experienced IT architects, consultants, and engineers.
