How to update client secret for Service Principal

(0) Share

Report

Posted on by CU17101239-0

Hello,

We've come to the point where we need to update our client secret for the service principal user in our organization.

We've tried to look at different ways to approach this issue, but concluded that there's no easy way to automatically update the client secret when it runs out. We decided that this should be done manually, until we find a good way to create an automated process(if there is a way).

I'm trying to change the secret for out existing Service Principal user, but I cant seem to find where to do this.

I've created a new service principal connector, but it looks like I have to create a new one for all of our existing flows. Is it possible to add the new secret in the power apps admin center? I've read somewhere that it can only be done when the existing secret already has expired. Is this true?

Any help or sharing experience is much appreciated 😄

Categories:

Using connectors

I have the same question (1)

All responses (2)

Answers (0)

RolandZA 2 on at

Like (0)

Report

Hi please refer to previous solution : https://powerusers.microsoft.com/t5/General-Power-Automate/Update-Client-Secret-for-Service-Principal/td-p/550674?ssp=1&darkschemeovr=1&setlang=en&cc=ZA&safesearch=moderate

Was this reply helpful? Yes No

Suggested answer

Len C

379 on at

Like (0)

Report

Wanted to post a summary of my solution here, hoping to clear things up. My scenario may not be yours. I use Connection References, and I did this with Dataverse connections. No need for PowerShell, but one step is not where you

If you used Connection References, you do not need a new Application Principle, and you do not need a new Connection Reference.

You DO need a new Connection - using the existing App Principle it's new Client Secret Value. Your existing connections cannot be updated, aparently. Then, you will simply update the Connection Reference to use the new connection - using the environment's unmanaged default solution.

You cannot create that new Connection from the maker portal's Connections blade. But you can use the maker portal and a temporary flow to create your new service connection, as follows:

	1) Create a button Flow for temporary use. You can delete it later. 2) Add a Dataverse activity such as Get Rows. 3) For the activity's Connection, select New Connection
	4) Select Connect with service principal
	4) Fill out the details. I found the fields confusing given the Entra AD pages use a slightly different mix of the terms 'client', 'id', 'application', 'secret', and more. Here is a guide for what Entra ID fields you need to apply to the fields above. My illustrations are color-coded. Connection name: use a descriptive name. I included a rough date in the name, so I can later distinguish this connection from prior ones Client ID: This is the Application (client) ID of the Service Principal, as found in the principal's Overview tab in Entra ID Client Secret: From the principal's Certificates & secrets tab, this is the Value of the Client secret. It is not the 'Secret ID' column of the Client secret. Tenant: This is the Directory (tenant) ID from the Entra Service Principal overview Illustrations of the Entra ID pages below, with matching color-coding (apologies if colors are not visually accessible). Entra Service Principal tab, Overview page

	Entra Service Principal, Certificates & secrets (here I already created my new secret using +New client secret )

	Now, to update the connection used by the flows, simply go into the environment's Default Solution; find the Connection Reference(s) that used the Service Principal (App ID); and update them to use the new Connection: