
Client Secret Expired - Where Do I Enter the New Secret in M-Files?

Last updated on 22 December 2025

Admin
Microsoft Entra ID Authentication

Overview

Various federated authentication identity providers rely on a Client Secret when communicating with M-Files. The secret values have an expiration date. When the secret expires, a new secret must be generated by the identity provider, and the new secret must then be added to the relevant configurations on M-Files' side.

This article lists the possible places where Client Secrets might need to be updated in M-Files.

Solution

When your identity provider administrator provides you with a new Client Secret for a given Client ID, check the following places in M-Files to see whether the new secret needs to be added to any of the configurations. In each place, make sure that the Client ID you find matches the Client ID for which the new secret is meant.

In M-Files Admin

  • Under each document vault, check Configurations > Federated Authentication. If there is an authentication configuration there, go to the Advanced tab and use Ctrl+F to find the client ID. If the client ID matches the one for which the new secret was created, update the client secret in the configuration.
  • Under each document vault, check Configurations > Advanced Vault Settings > Configuration > User Groups > User Group Synchronization Plugin. If there is a plugin configuration, check its Client ID. If the client ID matches the one for which the new secret was created, update the client secret in the configuration.
  • Under each document vault, check Connections to External Sources > Mail Sources. If there are any mail source configurations that use Microsoft Exchange Online as the service type, check the Client ID used in those configurations. If the client ID matches the one for which the new secret was created, update the client secret in the configuration.

Server registry in on-premises environments

Check whether either of the following registry paths exists on the server computer:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-Files\<VERSION>\Server\MFServer\Authentication\Configurations\<CONFIGURATION NAME>\ClientSpecific
  • HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-Files\<VERSION>\Server\MFServer\Synchronization\Plugins\<PLUGIN NAME>

If either of those paths exists, check the Client ID found in the registry key at the end of the path. If the client ID matches the one for which the new secret was created, update the ClientSecret setting in the same registry key.
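
The registry check above can be scripted across all installed versions, configurations and plugins. The following PowerShell is an added example, not M-Files tooling; it assumes it is run elevated on the server computer, and because the article does not name the registry value that holds the Client ID, it compares the data of every value in each key. The `$ClientId` parameter is a hypothetical name, and the script reports only whether a ClientSecret value is present, never its contents.

```powershell
# Added example: find on-premises M-Files registry keys that reference a given Client ID.
param(
    [Parameter(Mandatory)] [string] $ClientId   # Client ID the new secret was created for
)

$root = 'HKLM:\SOFTWARE\Motive\M-Files'

# The two path shapes listed in the article.
# Each * stands for <VERSION>, <CONFIGURATION NAME> or <PLUGIN NAME>.
$patterns = @(
    "$root\*\Server\MFServer\Authentication\Configurations\*\ClientSpecific",
    "$root\*\Server\MFServer\Synchronization\Plugins\*"
)

$hits = foreach ($pattern in $patterns) {
    foreach ($key in Get-Item -Path $pattern -ErrorAction SilentlyContinue) {
        # Assumption: the value name holding the Client ID is not given in the article,
        # so match on the data of every value instead of guessing a name.
        $names = $key.GetValueNames()
        $match = $names | Where-Object { [string]$key.GetValue($_) -eq $ClientId }
        if ($match) {
            [pscustomobject]@{
                KeyPath         = $key.Name
                ClientIdValue   = ($match -join ', ')
                # Presence only; the secret itself is never read or printed.
                HasClientSecret = $names -contains 'ClientSecret'
            }
        }
    }
}

if ($hits) {
    $hits | Format-List
} else {
    Write-Output "No matching registry keys found for Client ID $ClientId."
}
```

Each key listed is one where the ClientSecret setting needs the new value; keys that hold a different Client ID are left out of the output.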
