Jeff Harlow
Oct 29, 2019, Iron Contributor
Recommended to roll over Kerberos decryption key Seamless Sign-on
When I am looking at my Azure AD Connect, I see a notice that it is recommended to roll over the Kerberos decryption key on my on-premises AD for Seamless sign-on. The Microsoft Docs just mentions it is recommended every 30 days but does not explain in detail what this means or if it causes problems. Any insight? Thanks.
- Shawn Beckers, Brass Contributor
Jeff Harlow I'm by no means an expert, but I believe rolling over the key is considered a "best practice" from a security perspective. Not rolling over the key shouldn't cause SSO to stop working.
That said...you should do it. It's a simple procedure.
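
Added example, not part of the original thread or written by either poster: the Seamless SSO Kerberos decryption key is the password of the `AZUREADSSOACC` computer account that Azure AD Connect creates in on-premises AD, so the script below checks that password's age against the 30 days mentioned in the question and, if it is older, rolls it over with the `AzureADSSO` module that ships with Azure AD Connect. It assumes it runs on the Azure AD Connect server with the default install path and the ActiveDirectory (RSAT) module available.

```powershell
# Added example: check the age of the Seamless SSO Kerberos decryption key
# and roll it over when it is older than the threshold.
# Assumptions: run on the Azure AD Connect server, default install path,
# ActiveDirectory (RSAT) module installed, 30-day threshold taken from the thread.
$MaxAgeDays = 30

Import-Module ActiveDirectory

# The decryption key is the password of this computer account.
$acct = Get-ADComputer -Identity 'AZUREADSSOACC' -Properties PasswordLastSet
if (-not $acct.PasswordLastSet) {
    throw 'PasswordLastSet is empty for AZUREADSSOACC; check the account manually.'
}

$ageDays = [math]::Floor(((Get-Date) - $acct.PasswordLastSet).TotalDays)
Write-Host "AZUREADSSOACC password last set $($acct.PasswordLastSet) ($ageDays days ago)"

if ($ageDays -lt $MaxAgeDays) {
    Write-Host "Key is younger than $MaxAgeDays days; no rollover needed."
    return
}

Set-Location "$env:ProgramFiles\Microsoft Azure Active Directory Connect"
Import-Module .\AzureADSSO.psd1

# Prompts for tenant administrator credentials.
New-AzureADSSOAuthenticationContext

# Lists the on-premises forests where Seamless SSO is enabled.
Get-AzureADSSOStatus | ConvertFrom-Json

# Domain administrator for the forest, entered as DOMAIN\user (SAM account name format).
$onPremCreds = Get-Credential -Message 'Domain admin for the on-premises forest (DOMAIN\user)'

# Sets a new password on AZUREADSSOACC and updates Azure AD with the new key.
# Run this only ONCE per forest per rollover: a second run invalidates tickets
# issued under the previous key and Seamless SSO fails until users' Kerberos
# tickets expire and are reissued.
Update-AzureADSSOForest -OnPremCredentials $onPremCreds
```

Repeat the `Get-Credential` and `Update-AzureADSSOForest` steps for each additional forest that `Get-AzureADSSOStatus` lists.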