Install the identity provider certificate

You can paste a PEM certificate into an X.509 Certificate form so the identity provider can verify communications with the service provider.

Before you begin

Role required: admin

About this task

The IdP's certificate is located within the IdP's metadata. The IdP developer determines where the certificate metadata resides when creating the local IdP.

Tip: Make sure that the Certificate Expiring and Certificate Expired notifications are enabled so you remember to update the certificate.
Note: Certificates for single sign-on should always be in PEM format to work with SAML certificates.

Procedure

  1. Navigate to SAML Single Sign-on > Certificate.
  2. Fill in the form fields (see table).
  3. Click Save.
    Table: Pasting in the PEM certificate
    Note: The integration does not currently sign the certificate in communications between the instance and the IdP.
    Field | Description
    Name | The certificate name. Do not change the Name entry. The name of the X.509 certificate must be SAML 2.0 for the integration to use it. This requirement applies only if you are not using Multiple provider single sign-on.
    Expiration notification | Select this option to send a notification to the users selected in the Notify on expiration field. By default, this is enabled.
    Notify on expiration | Select the users to receive the notification regarding certificate expiration. If no users are selected, the logged-in user is added by default, along with the last two logged-in users with the administrator role.
    Warn in days to expire | The number of days before expiration that the instance sends the notification. Enter a value of at least 20.
    Active | A check box to indicate that this certificate is active.
    Format | A PEM or DER certificate. SAML uses PEM format.
    Type | The certificate container. The instance recognizes certificates from trust stores, Java keystores, and PKCS#12 keystores.
    Valid from | The instance automatically adds the certificate valid from date to this field. Attach the certificate to the X.509 certificate record to populate this field.
    Expires | The instance automatically adds the certificate expiration date to this field. Attach the certificate to the X.509 certificate record to populate this field.
    Expires in days | The calculated number of days to expiration.
    Short description | A description for the certificate.
    Issuer | The instance automatically adds the certificate issuer to this field. Attach the certificate to the X.509 certificate record to populate this field.
    Subject | The instance automatically adds the certificate subject to this field. Attach the certificate to the X.509 certificate record to populate this field.
    PEM Certificate | Enter the value of the X.509 certificate.