article Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app in Official Support Articles

Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app

Damien_V — Mon, 13 Apr 2026 11:30:17 GMT

The following error shows up when trying to log in to Qlik Cloud:

{"errors":[{"title":"Authentication failed. Error received from identity provider","code":"LOGIN-3","status":"401","meta":{"error":"invalid_client","errorDescription":"AADSTS7000222: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app, or consider using certificate credentials for added security: https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentialsTrace ID: b89a04dc-0194-4b25-8f7c-637b154d3a01Correlation ID: dc36f88e-cdb6-4a07-8cfb-fab698c44c14Timestamp: 2021-11-29 10:05:12Z"}}],"traceId":"000000000000000038d7a79b3417f205"}

Resolution

This is because the secret in Azure has expired. Please follow the below steps:

Log in to the Azure portal, go to "App registrations", select the app you have created before to perform authentication against Qlik Cloud, "Certificates & Secrets" "Generate new secret" then copy this new secret.
Log in to Qlik Sense SaaS using the recovery link https://yourtenant.eu.qlikcloud.com/login/recover, log in with the Service Account Owner (SAO)'s Qlik ID account. Go to the console > Identity Provider, edit the Azure identity provider and input your new secret and save. Validate the configuration.

Re: Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app

_Anders_ — Wed, 07 Feb 2024 09:37:19 GMT

Is there a way to rotate this key by automations or some other means? Or du you manually need to create a new key in azure every time?

Re: Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app

AlexOmetis — Wed, 07 Feb 2024 10:41:12 GMT

I've often wondered the same... but if Qlik Cloud was given permission to rotate keys in Azure, wouldn't it compromise the security of the key issuance process? I'd be interested to see some opinions on this and experience of ways this is handled with other systems.

It'd be good if Qlik could at least spot when the key is due to expire, but I'm not sure this is passed in any of the responses it processes from Azure. If that is possible, showing a warning for the month leading up to expiry to any admins would be a big step forward!

Re: Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app

Sonja_Bauernfeind — Wed, 07 Feb 2024 11:00:02 GMT

Hello @_Anders_ and @AlexOmetis This is great feedback!

I'd like to invite you to post this as an idea in our ideas section so we can highlight it to our product teams.

Feel free to ping me the link afterwards, as I'd like to give this one a vote.

All the best,
Sonja

Re: Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app

Alastair_Ometis — Wed, 07 Feb 2024 11:07:03 GMT

@_Anders_ As I understand it, it is best practice to build something that will alert to secret expiry (Microsoft have 3 different examples on how to do this Azure App registration Client secret expiration - Microsoft Q&A).

This is the most practical solution as there will likely be multiple applications which require secrets configured in Azure to integrate with Microsfot Entra as the IdP.

Building a bespoke solution for each application would likely be a huge overhead.

That being said. If you were to build something on the Azure side to check for and reissue a secret as needed, Application Automations could be used to retrieve the secret and update the idp configuration with it, this automation could also be trigger by a webhook for an even more tightly integrated solution.

All of these things are possible but considering it takes a human only a few minutes to complete the entire process from generating the key in Azure to updating the configuration in Qlik Cloud, and that this is only likely to be needed every 6 months, it does feel a little like an invention by Heath Robinson.

@AlexOmetis As I understand it Qlik Cloud has no awareness of the expiry of the secret, it is after all a random string and not a JWT, I don't believe there is anything in the token about this either so aside from providing a box to capture the expiry date as part of the config, explicitly to allow for alerting, there is not much they can do.

article Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app in Official Support Articles

Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app

Resolution

Related Content:

Re: Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app

Re: Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app

Re: Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app

Re: Qlik Cloud: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app