Skip to content


Forcing resynchronization

Synchronization to Azure AD only happens when at least one of two things happen:

  1. Any* or spec.accessPolicy.inbound.rules[] value has changed.
  2. An annotation is applied to the resource:
kubectl annotate azureapp <app>

The annotation is removed after synchronization. It can then be re-applied to trigger new synchronizations.

Forcing credential rotation

Credential rotation happens automatically on a regular basis.

However, if you need to trigger rotation manually you may do so by applying the following annotation:

kubectl annotate azureapp <app>

You should then restart your pods so that the new credentials are re-injected:

kubectl rollout restart deployment <app>