This article has been written to help find where the keys/secrets are in the Azure portal depending on how you have set up your application. It will also provide some help in regards to extending/changing the Client Secret for an Enterprise Application in a Multi-Tenanted Scenario.



Custom AAD Registration Keys/Secrets

In order to access the keys for an AAD application registration, you can follow the steps highlighted below. You will essentially go to the AAD Registration Blade > App Registrations > (You’re App Name) > Settings > Keys. You will have to save the key with the name and expiration date before being able to copy and paste the key. In addition to that, you will not see the value in the Application Manifest as it’s now hidden and will be considered : Null.





Getting Keys/Secrets From an App Service Application Registration

This part of the article will define how to get the keys/secrets from the app service application. This will include creating the application from scratch. You will go to the app services blade : App Services > Add > Web App > Create.





After creating the web app, I’m going to go ahead and enable the web app to have authentication/authorization to create an AAD Application registration.





After enabling the Authentication/Authorization, I turn the management mode to express and then create a new AD Application and then press okay.





This will bring you back to the App Service Authentication/Authorization page. From there you will want to press the save button and then close out of the blade all the way back to the App Services blade in order to see the application registration in the AAD App registration. image



After backing out of the App Service blades and going back to the blade with all App Services, you will be able to access the App Registration once you click on the Highlighted AAD button again.




When you access the AAD Authentication/Authorization setting again, you will see a new blade and you will be able to click on the button Manage Application now.



From here, this will open the AAD Application Registration and you can follow the same flow as the Custom AAD Application Keys/Secrets flow documented in the first section of this article.


Changing an Enterprise Application’s Secret

Please go to this blog post for more information on Enterprise Applications:

How to Create and Add Keys to Enterprise Applications for Expired Keys



Here in this article we have gone over three separate ways to find the permission/keys for your AAD registrations in both the Application Registration and the Enterprise Application. Please note that the Enterprise Application is actually a service principal for the Application Registration. More on this can be found here:


The Service Principal described in the documentation is termed the Enterprise Application in the Azure Active Directory Portal. The managed application under the AAD App Registration also refers to the service principal. This link in the picture below highlighted will bring you to the Service Principal (Enterprise Application) of the Application Registration.




Leave a Comment