Renew an SSO application certificate before expiration

If the certificate used for single sign-on (SSO) to Keepit is nearing its expiration, it’s important to renew it promptly. We recommend renewing certificates before they expire to avoid any disruption in SSO access.

However, if the certificate expires before you can update it in Keepit, the SSO Admin will still be able to access the SSO configurations and update the certificate.

Renew the certificate

1. In the Azure portal, navigate to the Enterprise application you created for SSO.

2. In the application’s left-hand menu, select Single sign-on.

3. In the SAML Signing Certificate section, click the pencil icon to manage the certificate.

4. Click + New Certificate, choose a duration of up to 3 years, and then click Save.

5. Click the More options (three dots) icon next to the new certificate and select Make certificate active. This will roll over your existing certificate into the newly created certificate.

6. Download the new certificate, copy the text (excluding the "begin" and "end" markers), and paste it into the SSO configuration in Keepit.

Note: Rolling over the certificate in Microsoft Entra and updating it in your app may cause brief downtime. Please plan accordingly when performing these steps to minimize disruption.

Click the following link for more information: Tutorial: Manage certificates for federated single sign-on