Invalid client ID or secret with Microsoft SSO

When trying to sign in to your Devolutions Hub Business using Microsoft Single Sign-On (SSO), you may encounter the following error message: "The client ID or secret supplied by your organization is invalid, please contact an administrator of your organization."

Invalid client ID or secret error message
Invalid client ID or secret error message

Solution

This most likely means that your client secret is expired in the Microsoft Azure Portal. The solution is to create a new secret and change it in your Devolutions Hub Business SSO configuration.

Verify the client secret expiration date

  1. In a new web browser page, open your Microsoft Azure Portal and sign in to your account.
  2. Select Microsoft Entra ID (formerly Azure Active Directory) in the Azure services section. If you do not see it, click on More services to make other services appear.
    Microsoft Entra ID service
    Microsoft Entra ID service
  3. Click on App registrations in the left menu.
    App registrations
    App registrations
  4. In the list, click on the application that you configured single sign-on with in your hub to go to its overview.
  5. Click on Certificates & secrets in the left menu.
  6. Locate the secret that is currently used in your Devolutions Hub Business SSO configuration and see if it is expired in the Expires column.
    Enterprise applications
    Enterprise applications
    If it is indeed expired, this is most likely the cause of your connection issue. You need to create a new client secret and change it in your Devolutions Hub Business SSO configuration by following the next steps.

If the client secret is not expired, the issue may come from your client ID. Verify that it matches the one in your SSO configuration then try logging in again.

Create a new client secret

  1. Click on New client secret.

    New client secret
    New client secret

  2. In the Add a client secret window, enter a Description (for example, the name of your Enterprise app) and select an expiration date for this client secret, as per your best internal security practices.

    Add a client secret
    Add a client secret

  3. Click Add.

  4. Copy the Value of this new client secret by clicking on the Copy to clipboard icon next to it.

    Copy the client secret value
    Copy the client secret value

    The expired client secret can be deleted without any issue since it is expired and cannot be used anymore.

  5. Log in to Devolutions Hub Business using your Devolutions account.

    If you have enabled the Force SSO on all users option in your configuration, you will not be able to log in using your Devolutions account. In this case, contact our support team to request the disabling of this option.

  6. Once logged in, go to Administration – Authentication – Single Sign-On (SSO), then select your Microsoft SSO configuration.

  7. Replace the currently expired Client secret key with the newly created one you copied earlier.

    Replace the client secret key
    Replace the client secret key

  8. Click Test Configuration.

    Test Configuration
    Test Configuration

  9. If the connection is successful, your account will connect with Entra ID (formerly Azure AD) and you will see a summary of your configuration.

  10. In the Summary of your configuration, click Save.

    Save your configuration
    Save your configuration

You and your users should now be able to sign in to the hub using Microsoft SSO.

If you still encounter issues, contact our support team.

Devolutions Forum logo Give us Feedback