For security reasons, you should change the client secret for OIDC-based applications on a regular basis. For more information, see Rotating the client secret for an application.
Client secrets apply only to OIDC-based applications.
- Go to and browse or search for the application.
- Click the application entry to open the details panel.
- Click the Configuration tab, and locate the Client Secret section.
- Click Generate New Secret.
From Retain Previous Secret, select how long to retain
the previous client secret:
- Retain for 1 Day: The previous secret expires 24 hours after the creation of the new secret.
- Retain for 7 Days: The previous secret expires 7 days after the creation of the new secret.
- Retain for 30 Days: The previous secret expires 30 days after the creation of the new secret. 30 days is the maximum retention period.
- Retain for custom duration: Configure the secret
to expire after a custom time frame. For example, 14 days. Note:
You cannot set the retention period for longer than 30 days.
- Do Not Retain Previous Secret: The previous secret expires immediately. Application users might experience sign-on errors until the application is updated to use the new secret.
This setting cannot be changed. If you are not sure how long you should retain the previous client secret, select Retain for 30 Days. If you do not need to keep the previous secret for that long, you can revoke it manually before the retention period expires. For more information, see Revoking a client secret for an application.
- Select I understand and would like to continue. Click Confirm.
PingOne generates a new client secret for the application.