Install the identity provider certificate

Watch

Save as PDF

Share this page

Feedback

HomeXanadu Platform securityAccess ManagementAuthenticationMulti-Provider Single sign-on (SSO)SAMLInstall the identity provider certificate

Table of Contents

Install the identity provider certificate

Release version:
Xanadu
Yokohama
Washington DC
Vancouver
UpdatedAug 1, 2024
2 minutes to read

Xanadu
Platform Security

You can paste a PEM certificate into a X.509 Certificate form so the identify provider can verify communications with the service provider.

Before you begin

Role required: admin

About this task

The IdP's certificate is located within the IdP's metadata. The IdP developer determines where the certificate metadata resides when creating the local IdP.

Note: Certificates for single-sign on should always be in PEM format to work with SAML certificates.

Procedure

Navigate to All > SAML Single Sign-on > Certificate.
Fill in the form fields (see table).

Click Save.

Note: The integration does not currently sign the certificate in communications between the instance and the IdP.

Search:


Field	Description
Name	The certificate name. Do not change the Name entry. The name of the X.509 certificate must be SAML 2.0 in order for the integration to use it. This requirement is only true if you are not using Multi-Provider Single sign-on (SSO).
Expiration notification	Select this option to send a notification to the users selected in the Notify on expiration field. By default, this is enabled.
Notify on expiration	Select the users to revive the notification regarding certificate expiration. If no users are selected, the logged in user is added by default, along with the last two logged in users with the administrator role.
Warn in days to expire	The number of days before expiration that the instance send the notification. Enter a value of at least 20. Instances upgraded to Istanbul and later releases have this value set to 20 unless a greater value is specified.
Active	A check box to indicate that this certificate is active.
Format	The format of the certificate. SAML uses the PEM format.
Type	The certificate container. The instance recognizes certificates from trust stores, Java keystore, and PKCS#12 keystores.
Valid from	The instance automatically adds the certificate valid from date to this field. Attach the certificate to the X.509 certificate record to populate this field.
Expires	The instance automatically adds the certificate expiration date to this field. Attach the certificate to the X.509 certificate record to populate this field.
Expires in days	The calculated number of days to expiration.
Short description	A description for the certificate.
Issue	The instance automatically adds the certificate issuer to this field. Attach the certificate to the X.509 certificate record to populate this field.
Subject	The instance automatically adds the certificate subject to this field. Attach the certificate to the X.509 certificate record to populate this field.
PEM Certificate	Enter the value of the X509 certificate.

What to do next

Click Validate Stores/Certificates to test the trust store and certificate.

Was this topic helpful?

Yes No

(Optional) Advanced SAML properties

Replacing a missing certificate for SAML

(Optional) Advanced SAML properties

Replacing a missing certificate for SAML

Xanadu Platform security

Filters

Versions

Products