Error message " Invalid client secret provided" on Prisma Cloud

Error message " Invalid client secret provided" on Prisma Cloud

13390
Created On 10/25/21 22:39 PM - Last Modified 10/26/25 21:41 PM


Symptom


  • If an Azure Application Client Secret expires in the Azure Portal, the Prisma Cloud console will display an "Invalid client secret provided" error for the Cloud Account Status.

Environment


  • Prisma Cloud
  • Microsoft Azure 

Cause


Any extra space or typo mistake during copying Value Key from Azure portal to Prisma Cloud will cause an " Invalid client secret provided" error.

NoteDO NOT save Value Key to ordinary notes applications and do not copy Value Keys from ordinary notes to Prisma Cloud Account Setting. Copying Value Key from ordinary notes application may change Value Key syntax which is almost impossible to troubleshoot. Always best practice is to use any programming application like NotePad++, Sublime, VS Code, to save Value Keys.

Resolution


Prisma Console:

1. Log in to Prisma Console.
2. Go to Settings > Cloud Accounts Click on the Edit button in Actions.
3. Click on the Pencil button to see Configure Account page.
4. Copy Application (Client) ID to any Notepad. We will use it to check Azure App registrations in the Azure portal.



Microsoft Azure Portal:

1. Log in to Azure Portal.
2. Type App registration in the Search bar. Then click on App registrations.

User-added image



3. Look for Application (client) ID which we copied from Prisma Cloud Cloud Account. Click on Application, In my case Prisma Cloud App qobyz

User-added image
4. In Prisma Cloud App qobyz Overview shows  "A certificate or secret has expired. Create a new one". So create a new secret.

User-added image



5. On the left side Click Certificate & secrets under Manage. Click on New client secret.

User-added image



6.  Fill up the required fields for client secret.

Note: From the Expires drop down menu, use the required time period as per your requirements. 

User-added image



7. Copy the Value displayed under Client Secrets.

Note: A client secret value is only displayed at the time of creation and after that, it is neither displayed nor it can be retrieved. What you would need to do is create a new client secret and copy its value when it is displayed.

User-added image




Prisma Console:

8. Replace the old value in Application Client Secret in Prisma Cloud Account. Click on Next
9. Click on Next again to see Status.
10. You will see a Green Status, Click Done.

Note: If you don't see Green Status wait for a few mins and repeat from Step 7 to 10. If you didn't set up Flow Logs ingestion. It will not be Green after replacing Value.

11. Congratulations! You have successfully replaced Client Secret Value.

User-added image


 

Additional Information


(Optional) Enable NSG flow logs: If you want to enable flow log ingestion, you must complete the tasks outlined in Step 9
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004M60CAE&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language