Your organization
Access management
SAML certificate management
8min
this feature is available to enterprise customers the sso setup page lets you manage your service provider (sp) certificates you can activate, deactivate, copy, or download your sp certificates {{product name}} provides a new certificate when your active sp certificate is close to expiring email notifications let you know when it's time to rotate your certificates rotate service provider certificates to maintain the security of your sso setup, {{product name}} supports service provider (sp) certificate rotation on a three year basis when your sp certificate is 90 days from expiring, {{product name}} provides a new certificate and sends you an email rotate your certificate before it expires to avoid login failure you can see when your certificate expires by looking under the expires column of the service provider certificates section of your sso setup you can activate your new certificate and copy or download it with the following steps click organization in the left sidebar click the sso tab under sso configuration , find your service provider certificates find your new certificate refer to the valid from and expires dates if you are unsure on the right side of the row for your new certificate, click activate next to activate , click the icon to download or copy your certificate, depending on how you need to enter your certificates with your identity provider go to your identity provider and update your service provider certificate if you use okta, refer to our okta saml docid\ q0sypmv8 3mmt nikfl2k for details if you have more than one active certificate, {{product name}} deactivates the certificate that expires first you can check the expires column to see when your certificates expire only click save if you make other changes to your setup clicking save is not required to activate and rotate your certificate immediately logs out all organization members activate a certificate you can see which certificates are active by looking in the status column active means the certificate is in use in your saml sso configuration no further action required inactive means the certificate is not used in your saml sso configuration {{product name}} automatically deactivates certificates that expire as long as you have another valid active certificate click organization in the left sidebar click the sso tab under sso configuration , find your service provider certificates find the certificate in the list under actions , click activate a popup asks you to confirm activation click activate only click save if you make other changes to your setup clicking save is not required to activate your certificate immediately logs out all organization members deactivate a certificate you can only deactivate a certificate if there is another active certificate this prevents accidental deactivation of your only active certificate at least once certificate must be active if you have more than one active certificate, {{product name}} deactivates the older certificate for you when it expires don't worry, {{product name}} won't deactivate your only active certificate click organization in the left sidebar click the sso tab under sso configuration , find your service provider certificates find the certificate in the list under actions , click deactivate copy a certificate if your identity provider (idp) lets you paste your service provider (sp) certificates into your setup, you can copy your sp certificate into your clipboard click organization in the left sidebar click the sso tab under sso configuration , find your service provider certificates find the certificate in the list on the right side of the row for your certificate, click the icon select copy your sp certificate is copied to your clipboard and ready to paste into your idp setup download a certificate if your identity provider (idp) lets you upload your service provider (sp) certificates into your setup, you can download your sp certificate as a pem file click organization in the left sidebar click the sso tab under sso configuration , find your service provider certificates find the certificate in the list on the right side of the row for your certificate, click the icon select download your browser downloads your sp certificate as a pem file you can find it in your downloads folder