A client secret is a confidential value used to authenticate an application in Azure Active Directory. IMS uses the client secret you have provided to prove its identity when communicating with your Azure AD. If this secret expires, IMS can no longer prove its identity to Azure AD, and user authentication at IMS is rejected because IMS can't retrieve tokens for the user.
You are responsible for tracking the expiration and replacement of the client secret for your connection. The lifetime of a client secret is variable and should be set in accordance with your organization's security policies.
1. In the Azure portal, select "Manage Microsoft Entra ID".
2. From the available menu, select "App registrations".
3. Select the Bentley application for which you want to view the app secrets.
4. On the left, go to "Certificates & secrets".
5. Click on "New client secret".
6. In the description field, enter "Bentley". Expiration is up to your organization's discretion. Click "Add" once an expiration date has been chosen.
7. A new client secret will appear on the page. Use the copy icon next to the secret value as shown below. We do not need the secret ID. Keep note of the secret value on a notepad, as you will not be able to see this value again once you navigate away from this page. Also note the expiration date of the client secret so that you remember to update it before it expires.
8. Please email IMSteam@bentley.com with any questions or concerns when updating your client secret. When you're ready to deliver the client secret to Bentley, please consult your organization's security policies regarding sharing sensitive information.
9. Once the client secret is updated on our end, we will notify you, after which you can delete the old client secret on your side.
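
One way to track the expiration dates mentioned above is to read the app registration's `passwordCredentials` list from Microsoft Graph and flag secrets that are expired or close to expiry. This is an added example, not Bentley's or Microsoft's code; the sample JSON, key IDs, dates, the 30-day warning window and the function names are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like a Microsoft Graph application object
# (GET /applications/{id}); key IDs and dates are made up. Graph lists
# secret metadata only, never the secret value itself.
SAMPLE_APP = json.loads("""
{"displayName": "Bentley IMS (example)",
 "passwordCredentials": [
  {"displayName": "Bentley", "keyId": "00000000-0000-0000-0000-000000000001",
   "endDateTime": "2025-03-01T00:00:00Z"},
  {"displayName": "Bentley", "keyId": "00000000-0000-0000-0000-000000000002",
   "endDateTime": "2025-04-10T12:30:00.1234567Z"},
  {"displayName": "Bentley", "keyId": "00000000-0000-0000-0000-000000000003",
   "endDateTime": "2026-03-15T00:00:00Z"}]}
""")

def parse_graph_time(value):
    """Parse a UTC timestamp such as 2025-04-10T12:30:00.1234567Z."""
    value = value.rstrip("Z")
    if "." in value:  # normalise the fraction to 6 digits for older Pythons
        head, frac = value.split(".", 1)
        value = f"{head}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)

def secret_status(app, now, warn_days=30, description="Bentley"):
    """Return (keyId, status, days_left) per matching secret, soonest expiry first."""
    rows = []
    for cred in app.get("passwordCredentials", []):
        if cred.get("displayName") != description:
            continue  # only secrets created with the description from step 6
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        rows.append((end, cred["keyId"], status, days_left))
    return [row[1:] for row in sorted(rows)]

if __name__ == "__main__":
    now = datetime(2025, 3, 20, tzinfo=timezone.utc)  # fixed date for the sample
    for key_id, status, days_left in secret_status(SAMPLE_APP, now):
        print(f"{status:9} {key_id} days_left={days_left}")
```

During a rotation the old and new secrets coexist, so the report lists every matching secret rather than only the newest one.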