Azure AD Application Keys

For security reasons, your Azure AD application key may expire every year or two. To retain your SSO connection, refresh your key before it expires.

Warning: To prevent an inadvertent lockout, ensure you have a Blackbaud ID outside of your claimed domains with access to Authentication.

Tip: To ease configuration, open Authentication and your Azure AD portal in separate browser tabs. To successfully create an application key in the Azure AD portal, admin rights are required.

  1. In Admin, select Authentication.

  2. Under Authentication settings, select Manage SSO settings.

  3. In a separate browser tab, sign in to your Azure AD portal as an administrator and add a new secret key to secure your application's credentials.

    Warning: These instructions include guidance for the Azure AD portal, but Blackbaud does not manage the portal. If the portal changes, we recommend checking Microsoft's official guidance in the Azure AD documentation instead.

    1. Select Azure Active Directory.

    2. Under Manage, select App registrations and then select your application.

    3. Under Manage, select Certificates & secrets.

    4. Under Client secrets, select New client secret.

    5. Enter a description for the key.

    6. Select when the key expires. If you set an expiration for security, remember to update your key before it expires to ensure that users can continue to sign in with their Blackbaud IDs. To refresh a key, you can select Update application key under Single sign-on with Azure AD in Authentication.

    7. Select Add. Your new secret key appears in the Client secrets grid.

    8. Copy the secret key in the Value column of the grid.

      Warning: Don't copy the ID in the Secret ID column. You cannot use this value to refresh your Azure AD application key.

  4. In Authentication, update the application key.

    1. Under Single sign-on with Azure AD, select Update application key.

    2. Paste the new application key value.

    3. Select Save.