If your Entra ID Client Secret expires at the end of this month, make sure that you create a new secret as soon as possible and enter that in Central.
Your Entra ID Client Secret (API) needs to be continuous valid. It's for the connection between Central and Entra ID (Azure), and is fully independent from the client profile.
If your client secret in Entra ID expires, create a new one (with + New client secret) and enter that in your Central Authentication & Policy configuration:
You can create a secret with up to 2 year validity, and can create as many as you want, so if you prefer the default validity of 1 year, you could create a new secret every 6 months for example to have a remaining validity of at least 6 months every time.
If your client secret expires, I'd expect new clients no longer to be able to onboard/get new certificates (note certificates will be 1 year valid, regardless the client secret expiration/validity). I'm not sure what happens with clients that have a valid certificate, but try to log on after the secret expired, but can imagine that they won't get access as the account cannot be validated anymore to Entra ID (Authorization!). As soon as your renew the client secret, I'd expect existing clients to connect for sure.
Client secret is between Central and Entra ID communication. Make sure it is renewed in time and continuous valid.
Onboarded clients have a certificate that is used during network authentication, and only is relevant between the client and Central Cloud Authentication and Policy.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jun 25, 2024 04:54 PM
From: cdelarosa
Subject: Aruba Cloud Auth - Azure AD Aruba Central Integration
hello
my client's secret expires soon at the end of this month, I did last year this integration, that's why I was asking if the only thing I needed to do was create a new client secret and go to the Aruba Central and change that client secret and save the change
The device is a Windows, but the app doesn't look like yours, it doesn't say central.
They are using Aruba OS 8 and not Aruba OS 10, not sure if it's for this.
Thanks!
Original Message:
Sent: Jun 25, 2024 04:45 PM
From: sajinnair
Subject: Aruba Cloud Auth - Azure AD Aruba Central Integration
No, once IDP (azure) is connected no need to change the secret after 12 months.
Network refresh will update the certificate.
Refresh works for me on different type of devices.
Are you testing on a laptop/smartphone?
------------------------------
Regards, Sajin
ACMX, ACX-CA
Original Message:
Sent: Jun 25, 2024 04:27 PM
From: Carlos De La Rosa
Subject: Aruba Cloud Auth - Azure AD Aruba Central Integration
Also, I forgot to tell you that my application didn't look like that and I didn't have the refresh button
What I did to test was that if he installed the app again and re-ran it, it gave him a new certificate with a new expiry date of one more year
About the client's secret, I guess I just need to create a new one on Azure and then on Central, it will give me the option to show and after that, I can conceal it, the password it was showing was not the client secret. So I'm confused.
I didn't want to try to delete it because I'm not doing that work yet but I guess I can delete it and put in the new one right?
Original Message:
Sent: Jun 24, 2024 03:46 PM
From: cdelarosa
Subject: Aruba Cloud Auth - Azure AD Aruba Central Integration
so the process would be create a new cloud auth secret so the Aruba central can authenticate again another year and after that use the refresh button on the app that is installed on the machines
Let me know if I'm missing something?
Thanks
Carlos
Original Message:
Sent: Jun 24, 2024 08:14 AM
From: sajinnair
Subject: Aruba Cloud Auth - Azure AD Aruba Central Integration
In the Aruba Onboard APP there is an option to refresh the profile.
I tested it and it also does change the certificate expiration date.
Following screenshot would be helpful.
Step1: Right click (for laptop) on the Network profile - on smart phone swipe to the right and should be able to get the network refresh option.
Click on Refresh and the last updated section should change - as you can follow in the below screenshot.
Under certmgr - expiration date should change to the current date.
Hope it helps!
------------------------------
Regards, Sajin
ACMX, ACX-CA
Original Message:
Sent: Jun 21, 2024 01:01 PM
From: cdelarosa
Subject: Aruba Cloud Auth - Azure AD Aruba Central Integration
Hello guys i have a question regarding this
I have already set this without issues It is running fine, everyone is onboarding their TLS certificate for 1 year, and its all good
here is the question
For the next year we will have to create a new cloud auth secret so the Aruba central can authenticate again another year? and also i guess everyone will need to onboard AGAIN with the application of the certificate for all the devices
i believe that the time of the certificate depends on the auth secret? right?