Applies to: Mattermost Server v10.11 and later
Symptoms: The OpenID Connect configuration for Microsoft Entra ID can only be completed using a client secret; no other client authentication method is available.
🛑 Problem
Mattermost's OpenID Connect integration with Microsoft Entra ID supports only client secret authentication. Managed Identity, workload identity federation, and certificate credentials (private_key_jwt) are not supported, even though Microsoft recommends these methods over long-lived client secrets for production workloads.
✅ Solution
Continue using a client secret for the Mattermost OIDC client and rotate the secret regularly in production to limit exposure of long-lived credentials. Entra ID allows multiple active client secrets on the same app registration, so rotation can be performed without downtime.
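The overlap that makes zero-downtime rotation possible can be checked mechanically. The following is an added example, not code from Mattermost or Microsoft: it reads an app registration's `passwordCredentials` entries (the `keyId`, `startDateTime` and `endDateTime` fields of Microsoft Graph) and decides the next rotation step. The `in_use_key_id` value (the operator's own record of which secret Mattermost is configured with), the action names, and the sample credentials are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_ts(value):
    # Microsoft Graph timestamps are ISO 8601 in UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def plan_rotation(credentials, in_use_key_id, now, warn_days=30):
    """Return (action, removable_key_ids) for one app registration.

    credentials: passwordCredentials entries (keyId, startDateTime, endDateTime).
    in_use_key_id: operator's record of the secret deployed in Mattermost (assumption).
    """
    horizon = now + timedelta(days=warn_days)
    expired = sorted(c["keyId"] for c in credentials
                     if parse_ts(c["endDateTime"]) <= now)
    active = {c["keyId"]: parse_ts(c["endDateTime"]) for c in credentials
              if parse_ts(c["startDateTime"]) <= now < parse_ts(c["endDateTime"])}
    # A usable replacement is already valid and outlives the warning window.
    has_replacement = any(end > horizon for key, end in active.items()
                          if key != in_use_key_id)
    current_end = active.get(in_use_key_id)
    if current_end is None:
        # Deployed secret is expired or gone: sign-in is already failing.
        action = "SWITCH_NOW" if has_replacement else "ADD_SECRET_NOW"
    elif current_end <= horizon:
        # Expiring soon: add a second secret first, then point Mattermost at it.
        action = "SWITCH" if has_replacement else "ADD_SECRET"
    else:
        # Deployed secret is healthy; other active secrets are leftovers
        # from the previous rotation and only widen exposure.
        return "OK", sorted(set(expired) | (set(active) - {in_use_key_id}))
    # While a switch is pending, only expired secrets are safe to delete.
    return action, expired

# Constructed sample data (not real credentials).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE_CREDENTIALS = [
    {"keyId": "aaaa", "startDateTime": "2024-06-10T00:00:00Z", "endDateTime": "2025-06-10T00:00:00Z"},
    {"keyId": "bbbb", "startDateTime": "2025-05-25T00:00:00Z", "endDateTime": "2026-05-25T00:00:00Z"},
    {"keyId": "cccc", "startDateTime": "2023-01-01T00:00:00Z", "endDateTime": "2024-01-01T00:00:00Z"},
]

if __name__ == "__main__":
    print(plan_rotation(SAMPLE_CREDENTIALS, "aaaa", NOW))
```

Run it once before the switch and once after: the old secret becomes removable only after Mattermost has been reconfigured to the new one.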
Additional Resources
For more information, see: