SAML certificate management
This feature is available to Enterprise customers.
The SSO setup page lets you manage your service provider (SP) certificates. You can activate, deactivate, copy, or download your SP certificates.
provides a new certificate when your active SP certificate is close to expiring. Email notifications let you know when it's time to rotate your certificates.
To maintain the security of your SSO setup, supports service provider (SP) certificate rotation on a three-year basis. When your SP certificate is 90 days from expiring, provides a new certificate and sends you an email. Rotate your certificate before it expires to avoid login failure. You can see when your certificate expires by looking under the Expires column of the Service Provider Certificates section of your SSO setup.
You can activate your new certificate and copy or download it with the following steps:
Click Organization in the left sidebar.
Click the SSO tab.
Under SSO configuration, find your Service Provider Certificates.
Find your new certificate. Refer to the Valid from and Expires dates if you are unsure.
On the right side of the row for your new certificate, click Activate.
Next to Activate, click the icon to download or copy your certificate, depending on how you need to enter your certificates with your identity provider.
Go to your identity provider and update your service provider certificate. If you use Okta, refer to our Okta SAML page for details.
If you have more than one active certificate, deactivates the certificate that expires first. You can check the Expires column to see when your certificates expire.
Only click Save if you make other changes to your setup. Clicking Save:
- is not required to activate and rotate your certificate.
- immediately logs out all organization members.
You can see which certificates are active by looking in the Status column.
Active means the certificate is in use in your SAML SSO configuration. No further action required.
Inactive means the certificate is not used in your SAML SSO configuration. automatically deactivates certificates that expire as long as you have another valid active certificate.
Click Organization in the left sidebar.
Click the SSO tab.
Under SSO configuration, find your Service Provider Certificates.
Find the certificate in the list.
Under Actions, click Activate.
A popup asks you to confirm activation. Click Activate.
Only click Save if you make other changes to your setup. Clicking Save:
- is not required to activate your certificate.
- immediately logs out all organization members.
You can only deactivate a certificate if there is another active certificate. This prevents accidental deactivation of your only active certificate. At least once certificate must be active.
If you have more than one active certificate, deactivates the older certificate for you when it expires. Don't worry, won't deactivate your only active certificate.
Click Organization in the left sidebar.
Click the SSO tab.
Under SSO configuration, find your Service Provider Certificates.
Find the certificate in the list.
Under Actions, click Deactivate.
If your identity provider (IdP) lets you paste your service provider (SP) certificates into your setup, you can copy your SP certificate into your clipboard.
Click Organization in the left sidebar.
Click the SSO tab.
Under SSO configuration, find your Service Provider Certificates.
Find the certificate in the list.
On the right side of the row for your certificate, click the icon.
Select Copy.
Your SP certificate is copied to your clipboard and ready to paste into your IdP setup.
If your identity provider (IdP) lets you upload your service provider (SP) certificates into your setup, you can download your SP certificate as a .pem file.
Click Organization in the left sidebar.
Click the SSO tab.
Under SSO configuration, find your Service Provider Certificates.
Find the certificate in the list.
On the right side of the row for your certificate, click the icon.
Select Download.
Your browser downloads your SP certificate as a .pem file. You can find it in your downloads folder.