This article outlines recommended configuration and maintenance steps for organizations using Azure SSO (Microsoft Entra ID) with Motimate. These recommendations are part of general security hygiene and help ensure that your SSO configuration follows commonly accepted best practices.
App registration recommendation
Review: "Allow public client flows"
Recommended:
Disable "Allow public client flows" unless your organization specifically requires it (for example, when using device code flow).
Why:
Public client flows allow authentication scenarios that do not require a client secret and should generally only be enabled when necessary.
Reference (Microsoft):
Configure desktop apps that call web APIs
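The following script is an added example for reviewing this setting with the Microsoft Graph PowerShell SDK; it is not part of the Motimate article or Motimate's own tooling. In Microsoft Graph, the portal toggle "Allow public client flows" is the application property isFallbackPublicClient. It assumes the Microsoft.Graph.Applications module is installed and that the app registration is named "Motimate" (a placeholder; use your own display name or appId).

```powershell
# Added example, not from the Motimate article: audit (and optionally disable)
# "Allow public client flows" on the app registration.
# Assumptions: Microsoft.Graph.Applications is installed; $AppDisplayName is a placeholder.
$AppDisplayName = "Motimate"
$Remediate      = $false   # set to $true to turn the toggle off after review

# Application.Read.All is enough for a read-only review; ReadWrite is needed to change it.
Connect-MgGraph -Scopes "Application.ReadWrite.All" -NoWelcome

$app = Get-MgApplication -Filter "displayName eq '$AppDisplayName'"
if (-not $app) { throw "No app registration named '$AppDisplayName' was found." }
if (@($app).Count -gt 1) { throw "Several app registrations match '$AppDisplayName'; filter by appId instead." }

if ($app.IsFallbackPublicClient -eq $true) {
    Write-Warning "'$($app.DisplayName)' ($($app.AppId)) allows public client flows."
    if ($Remediate) {
        # Disable only after confirming that nothing (for example a device code flow
        # client) relies on public client flows against this registration.
        Update-MgApplication -ApplicationId $app.Id -IsFallbackPublicClient:$false
        Write-Output "Public client flows disabled for '$($app.DisplayName)'."
    }
} else {
    Write-Output "'$($app.DisplayName)' ($($app.AppId)): public client flows are disabled (recommended)."
}
```

Run it first with $Remediate left at $false to see the current state; the same check can be scheduled as a periodic review so the toggle does not drift back to enabled unnoticed.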
Enterprise application recommendation
Review: appRoleAssignmentRequired (enterprise application / service principal)
Recommended:
Verify whether appRoleAssignmentRequired is enabled for the Motimate enterprise application.
- If you plan to enable it, ensure that users are explicitly assigned to the application before attempting to sign in. Otherwise, users may receive an error such as AADSTS50105.
Reference (Microsoft):
Restrict a Microsoft Entra app to a set of users
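The following script is an added example for carrying out this review in the order the recommendation describes (list current assignments, assign the user, then require assignment); it is not part of the Motimate article or Motimate's own tooling. It assumes the Microsoft.Graph.Applications and Microsoft.Graph.Users modules are installed, that the enterprise application is named "Motimate" (placeholder) and that the user principal name is a placeholder to replace with a real one.

```powershell
# Added example, not from the Motimate article: review appRoleAssignmentRequired on the
# enterprise application (service principal) and make sure users are assigned before
# enabling it, so that nobody is turned away with AADSTS50105.
# Assumptions: Microsoft.Graph.Applications and Microsoft.Graph.Users are installed;
# $AppDisplayName and $UserToAssign are placeholders.
$AppDisplayName = "Motimate"
$UserToAssign   = "user@example.com"

Connect-MgGraph -Scopes "Application.ReadWrite.All","AppRoleAssignment.ReadWrite.All","User.Read.All" -NoWelcome

$sp = Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'"
if (-not $sp -or @($sp).Count -ne 1) { throw "Expected exactly one service principal named '$AppDisplayName'." }
Write-Output "appRoleAssignmentRequired = $($sp.AppRoleAssignmentRequired)"

# Current assignments (users, groups or service principals).
$assigned = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All
$assigned | Select-Object PrincipalDisplayName, PrincipalType, CreatedDateTime | Format-Table

# Pick a role users may hold; an app with no roles of its own uses the all-zero "default access" id.
$role   = $sp.AppRoles | Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains "User" } | Select-Object -First 1
$roleId = if ($role) { $role.Id } else { "00000000-0000-0000-0000-000000000000" }

# Step 1: assign the user (skipped if already assigned).
$user = Get-MgUser -UserId $UserToAssign
if (-not ($assigned | Where-Object PrincipalId -eq $user.Id)) {
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
        -PrincipalId $user.Id -ResourceId $sp.Id -AppRoleId $roleId
    Write-Output "Assigned $UserToAssign to '$AppDisplayName'."
}

# Step 2: only now require assignment; from here on, unassigned users receive AADSTS50105.
if (-not $sp.AppRoleAssignmentRequired) {
    Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
    Write-Output "appRoleAssignmentRequired enabled."
}
```

In practice you would assign a group rather than individual users (New-MgServicePrincipalAppRoleAssignedTo takes a group id as -PrincipalId in the same way), and run Step 2 only once every user who needs Motimate is covered by an assignment.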
Secret key rotation hygiene
Rotate client secrets periodically
Recommended:
Rotate the Motimate app client secret periodically (for example, once per year) or according to your organization's internal security policies.
- Many organizations manage SSO through an internal IT or security team, or an external IT partner. Make sure the appropriate owner is involved when performing secret rotation.
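The following script is an added example of a secret rotation routine built around this recommendation; it is not part of the Motimate article or Motimate's own tooling. It inventories the secrets on the app registration, flags those close to expiry, and adds a replacement with a one-year lifetime; the old secret is removed in a separate step after Motimate has been reconfigured. It assumes the Microsoft.Graph.Applications module is installed and that the app registration is named "Motimate" (placeholder).

```powershell
# Added example, not from the Motimate article: inventory client secrets, flag upcoming
# expiries and add a replacement secret with a one-year lifetime.
# Assumptions: Microsoft.Graph.Applications is installed; $AppDisplayName is a placeholder.
$AppDisplayName = "Motimate"
$WarnDays       = 30

Connect-MgGraph -Scopes "Application.ReadWrite.All" -NoWelcome
$app = Get-MgApplication -Filter "displayName eq '$AppDisplayName'"
if (-not $app -or @($app).Count -ne 1) { throw "Expected exactly one app registration named '$AppDisplayName'." }

# Inventory. Graph returns only metadata for existing secrets, never the secret value.
$now = Get-Date
foreach ($cred in $app.PasswordCredentials) {
    $daysLeft = [int]($cred.EndDateTime - $now).TotalDays
    $state = if ($daysLeft -lt 0) { "EXPIRED" } elseif ($daysLeft -le $WarnDays) { "EXPIRING" } else { "ok" }
    Write-Output ("{0,-9} {1,-35} ends {2:yyyy-MM-dd} ({3,4} days) keyId {4}" -f `
        $state, $cred.DisplayName, $cred.EndDateTime, $daysLeft, $cred.KeyId)
}

# Rotation step 1: add the new secret. SecretText is returned exactly once; hand it to the
# person who owns the Motimate configuration through your secret-management process.
$newCred = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = "Motimate SSO rotated $($now.ToString('yyyy-MM-dd'))"
    EndDateTime = $now.AddYears(1)
}
Write-Output "New secret keyId $($newCred.KeyId) expires $($newCred.EndDateTime.ToString('yyyy-MM-dd'))."
# $newCred.SecretText holds the value to configure in Motimate; it cannot be retrieved later.

# Rotation step 2, run only after Motimate sign-in is confirmed working with the new secret:
#   Remove-MgApplicationPassword -ApplicationId $app.Id -KeyId <keyId of the old secret>
```

Keeping the old secret until the new one is confirmed working avoids an outage during the handover, and the inventory loop gives the responsible IT or security team a simple check to schedule ahead of the yearly rotation.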
Getting help
If you have questions about your SSO configuration, please contact Motimate Support.