Configuring Client Secrets - Identity and Access Management Services - 3.0

Identity and Access Management Services


A client secret is a random string known only to the external client application and the authorization server. A client connection on the Hyland IdP server can be configured to only accept connections from external client applications that have the secret.


The value of a configured client secret cannot be changed after it is saved. To change the value of an existing client secret, add it as a new value. See also Deleting a Client Secret.

To configure client secrets for a client connection on the Hyland IdP server:

  1. Launch the Hyland IdP Administration client and log in (see Accessing the Hyland IdP Administration Client).
    Upon successfully logging in, the tenant, provider, client connection, and API resource information is displayed. In a wide display, the tenant information is in the left pane and the providers, client connections, and API resources configured for that tenant are listed in the right pane. In a narrow display, the tenant information is at the top of the page and the provider, client connection, and API resource information is below it.
  2. Click the Clients tab to view the client connections currently configured for the tenant. The number of client connections configured is displayed in parentheses in the tab heading.
  3. In the Clients list, click the name of the client connection you want to configure client secrets for.

    The Client configuration page is displayed. It is divided into several areas. In a wide display, the Client Secrets area is displayed on the right of the page. In a narrow display, click the Client Secrets tab to display the Client Secrets area.

  4. Click Add New at the upper right of the Client Secrets tab.
  5. Configure the following options for the client secret.




    A brief description to help identify this client secret, used mostly for logging purposes.



    This value is required.

    The plain-text value of the word or phrase configured as the client secret for the external client application.

    The value entered is converted to a hash of the value when the client connection is saved, but the value passed from the client application must still be plain text.


    The date after which the client secret Value has to be updated.

    Enter the date in M/D/YYYY format, or select it from the graphical calendar by clicking the calendar icon at the right end of the Expiration field.


    The source of the client secret value:

    • Shared Secret

    • X509 Thumbprint

    • X509 Name

    • X509 Certificate Base64


    In most cases you should use Shared Secret.

  6. Click Save in the lower right corner of the page.
  7. Under the Secret settings, select Client Secret must be present to require the client secret with requests.
  8. Recycle the application pool of the Hyland IdP server in IIS for the changes to take effect.
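
The sketch below is an added example, not Hyland code. It illustrates why the client must send the plain-text value even though only a hash is stored, and why changing a secret means adding a new entry alongside the old one. It assumes SHA-256 with Base64 encoding as the hash and that a secret past its Expiration date is rejected, neither of which is stated on this page; `StoredSecret`, `hash_secret` and `verify` are hypothetical names.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


def hash_secret(plain: str) -> str:
    """Hash applied at save time. SHA-256 + Base64 is an assumption of this sketch."""
    digest = hashlib.sha256(plain.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


@dataclass(frozen=True)  # frozen: a saved value cannot be changed, only replaced
class StoredSecret:
    description: str                       # used to identify the secret in logs
    value_hash: str                        # only the hash is kept server-side
    expiration: Optional[datetime] = None  # None means no expiration was set


def verify(secrets: List[StoredSecret], presented: str, now: datetime) -> Optional[str]:
    """Return the description of the matching, unexpired secret, else None."""
    candidate = hash_secret(presented)  # the server hashes what the client sent
    matched = None
    for s in secrets:
        # Assumption: a secret is rejected once its expiration has passed.
        expired = s.expiration is not None and now > s.expiration
        # compare_digest avoids leaking how much of the value matched via timing.
        if hmac.compare_digest(candidate, s.value_hash) and not expired:
            matched = matched or s.description
    return matched


# Constructed sample data: an expired secret and the new value added to replace it.
OLD = "constructed-old-secret"
NEW = "constructed-new-secret"
CLIENT_SECRETS = [
    StoredSecret("2023 key", hash_secret(OLD), datetime(2024, 1, 1, tzinfo=timezone.utc)),
    StoredSecret("2024 key", hash_secret(NEW), datetime(2025, 1, 1, tzinfo=timezone.utc)),
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(verify(CLIENT_SECRETS, NEW, NOW))               # 2024 key
    print(verify(CLIENT_SECRETS, OLD, NOW))               # None: past its expiration
    print(verify(CLIENT_SECRETS, hash_secret(NEW), NOW))  # None: the hash is not the secret
```

Because the stored hash cannot be replayed as the secret, a leaked configuration store does not directly yield working credentials, but the plain-text value still travels with each request and must be protected in transit and on the client.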