Manage certificates
Certificates are how your IDP authenticates users for SSO. It's imperative you keep these current for SSO to work properly.
Add a certificate
You need at least one valid certificate loaded for SSO to work.
To add a certificate:
- From the IDP Configuration tab, click Edit IDP Configuration.
- In SAML Certificates, click Add Another Certificate.
- Paste the certificate into SAML Public Certificate and click Save Changes.
Delete a certificate
You need at least one valid certificate loaded in order for SSO to work. For this reason, you can't delete a certificate if it's the only certificate in the list. You can add a new certificate and then delete the one you want.
To delete a certificate:
- From the IDP Configuration tab, click Edit IDP Configuration.
- Find the certificate you want to delete in the list. Click Delete.
Rotate a certificate
To maintain uninterrupted SSO service, always keep at least one valid certificate in the system. If you are down to your last certificate, upload a new one before the current one expires. You can have up to ten certificates loaded at once.
When you upload multiple certificates, the system ensures zero downtime by managing them automatically:
- Active certificate expires: The system immediately checks the list.
- Automatic switch: It seamlessly transitions to the next valid certificate without requiring manual intervention.
Alternatively, you can rotate them yourself by adding a new certificate before the current one expires.
View a certificate
Look at administrative data about a certificate. You can copy the certificate ID or the certificate itself from this area.
To view a certificate:
- Go to Manage SSO enforcement > IDP Configuration > click Edit IDP Configuration.
- Find the certificate you want to view in the list. Click View Details.
