Like all digital certificates, a signing certificate has an expiration date. The certificate authority (CA) that issues the certificate sets this date to ensure that certificates are regularly renewed and updated. This is a security measure designed to limit the potential impact if a certificate is compromised.
If the signing certificate for an SSO service is going to expire, you need to be renew and replace it with a new one. If the signing certificate expires and isn't replaced, it could disrupt the SSO service, preventing users from authenticating and accessing the services that depend on it.
To resolve an expired certificate, perform the following workflow:
-
Create a new certificate with your Identity Provider and associate it with the SSO configuration in Samsara.
For example, for Azure, see the Azure documentation on managing certificates.
-
Select the Settings icon (
) at the bottom of your Fleet menu to view dashboard settings.
-
Select Single Sign-On.
-
Select Edit for the SSO connection you need to replace certifications with.
-
If you are already using the metadata URL, your new certifications will be replaced automatically after the certifications renew in IdP and no action is needed.
-
If you are using a metadata file, export a new metadata file from your IdP and replace the existing one in your Samsara dashboard.
-
-
Save your changes when finished.
This new certificate will then be used in the SSO process going forward.
Comments
0 comments
Article is closed for comments.