Install the identity provider certificate You can paste a PEM certificate into a X.509 Certificate form so the identify provider can verify communications with the service provider. Before you beginRole required: admin About this task The IdP's certificate is located within the IdP's metadata. The IdP developer determines where the certificate metadata resides when creating the local IdP. Note: Certificates for single-sign on should always be in PEM format to work with SAML certificates. Procedure Navigate to SAML Single Sign-on > Certificate. Fill in the form fields (see table). Click Save. Note: The integration does not currently sign the certificate in communications between the instance and the IdP. Field Description Name The certificate name. Do not change the Name entry. The name of the X.509 certificate must be SAML 2.0 in order for the integration to use it. This requirement is only true if you are not using Multiple provider single sign-on. Expiration notification Select this option to send a notification to the users selected in the Notify on expiration field. By default, this is enabled. Notify on expiration Select the users to revive the notification regarding certificate expiration. If no users are selected, the logged in user is added by default, along with the last two logged in users with the administrator role. Warn in days to expire The number of days before expiration that the instance send the notification. Enter a value of at least 20. Instances upgraded to Istanbul and later releases have this value set to 20 unless a greater value is specified. Active A check box to indicate that this certificate is active. Format A PEM or DER certificate. SAML uses PEM format. Type The certificate container. The instance recognizes certificates from trust stores, Java keystore, and PKCS#12 keystores. Valid from The instance automatically adds the certificate valid from date to this field. Attach the certificate to the X.509 certificate record to populate this field. Expires The instance automatically adds the certificate expiration date to this field. Attach the certificate to the X.509 certificate record to populate this field. Expires in days The calculated number of days to expiration. Short description A description for the certificate. Issue The instance automatically adds the certificate issuer to this field. Attach the certificate to the X.509 certificate record to populate this field. Subject The instance automatically adds the certificate subject to this field. Attach the certificate to the X.509 certificate record to populate this field. PEM Certificate Enter the value of the X509 certificate. What to do nextClick Validate Stores/Certificates to test the trust store and certificate. Replacing a missing certificate for SAMLIf the Certificate module displays a blank page, the SAML 2.0 certificate record has been deleted. You can replace the missing certificate by manually creating a certificate record.Add a Java keystore for SAMLYou can add Java keystores to the SAML application if you want another repository for your SAML security certificates.