Share via

necessary roles for updating client secret at Azure Enterprise Application

nobuko nagahara 0 Reputation points
2025-12-15T07:58:07.0566667+00:00

Regarding an enterprise application in Azure, could you please advise on the necessary permissions required to update the client secret when its expiration date has passed?

If it's possible to configure settings so that only specific apps can be updated, I would like to know about that as well. Thank you for your assistance.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Aditya N 1,285 Reputation points Microsoft External Staff Moderator
    2025-12-15T08:28:42.8133333+00:00

    Hello @nobuko nagahara

    Necessary Permissions

    To update a client secret in Azure, the user making the request typically needs the following permissions:

    • Application Administrator
    • Cloud Application Administrator
    • Global Administrator
    • Owner of the Service Principal

    These roles allow the user to manage application settings, including updating client secrets.

    Updating Client Secrets

    Once the user has the necessary permissions, here's how to update the client secret:

    1. Sign in to the Azure portal.
    2. Navigate to Microsoft Entra ID > Manage > App registrations.
    3. Select the application for which you want to update the client secret.
    4. On the application’s page, look for the Certificates & secrets section.
    5. Under Client secrets, you can create a new secret by selecting New client secret or you can modify an existing one if applicable.

    Restricting Client Secret Updates

    To restrict who can update client secrets, you might consider using App Roles which allow you to define permissions around who can manage specific functionalities of your application. Specifically:

    1. Define custom app roles in your Azure AD application.
    2. Assign those roles selectively to users or groups, ensuring that only authorized individuals can update the client secret.
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.