Client secrets apply only to OIDC-based applications.

Best practice:

For security purposes, revoke the previous client secret as soon as you know it is no longer needed.

  1. Go to Applications > Applications and browse or search for the application for which you want to revoke the client secret.
  2. Click the application entry to open the details panel.
  3. Click the Configuration tab, and locate the Previous Client Secret section.

    If the previous client secret already expired or was not retained, this section does not appear.

  4. Click Revoke Previous Client Secret.

    This action cannot be undone.

  5. In the confirmation message, select I understand and would like to continue. Click Confirm.

The previous secret is revoked. Users must have the new client secret to access the application.