Skip to main content

SSO SAML Certificate Rotation

Describes how to rotate your single sign-on security assertion markup language (SSO SAML) certificates through the 4U Platform

Updated over 8 months ago

SAML Certificate Rotation

Once you have SAML-based SSO configured, rotating your SAML certificate is typically a yearly task that, all too often, requires back-and-forth emailing and schedule coordination in order to successfully perform a synchronized simultaneous switchover of the certificate in both the Identity Provider and Service Provider.

At 4U, we believe users should be empowered to perform routine tasks without headaches and without wasting your valuable time.

4U platform provides self-service SAML certificate rotation including support for configuring multiple certificates simultaneously. On the 4U side, we'll automatically use the correct certificate. This allows you to confidently upload the public portion of your certificate to 4U in *advance* of rotating the certificate in your Identity Provider. You can then easily use the 4U Configuration Tool to confirm which SAML certificate is active and, when the time is right, delete the old certificate.

Obtaining Access to the SSO Configuration Tool

In order to access the SSO Configuration Tool within 4U, you'll need to request access for whatever user(s) within your organization require access. To do this you'll need to:

  1. As needed, first ensure the appropriate person or people already have access to 4U as a "Home Office" user(s). Note that only "Home Office" users can be given access to the SSO Configuration Tool.
    ​
    Provisioning users within 4U is something that your organization is responsible for and you should follow your normal process.
    ​

  2. After ensuring the user(s) have been provisioned within 4U, your designated 4U Company Admin user should send an email to support@4uplatform.com requesting SSO access for the desired 4U user(s). We'll follow up promptly letting you know when access has been granted.

Not sure who your 4U Company Admin(s) are? Email support@4uplatform.com and we'll be able to tell you!

Navigating to the SSO Configuration Tool

Log into https://www.4uplatform.com and navigate to your Company Settings by clicking on your name in the upper right-hand corner of the screen. From the Company Settings page, navigate to the SSO section via the menu on the left.

If you do not see the Company Settings and/or the SSO section of the Company Settings page, then you are not properly entitled. Please see the previous section of this article for how to obtain access.

Using the SSO Configuration Tool

The tool is designed to be self-explanatory, if you feel like it's not, please let us know, we always want to improve!

Adding A New Certificate

Click the "Add New Cert" button and provide the public portion of your new SAML certificate as instructed. You may upload as many simultaneous valid certificates as you require.

4U is equipped with SAML-Sense and will always use the correct certificate for the request. This means you can add certificates in advance of the certificate being rotated within your Identity Provider.

Monitoring Certificate Usage

The table shows you all of your loaded certificates including the last time the certificate was successfully used for authentication into 4U. This allows you to confidently know which certificate is actually being used on the 4U side and allows you to easily confirm that your rotation was successful.

Clicking the refresh button will update the "Last Successfully Used" data.

Deleting A Certificate

Deleting a certificate is as easy as clicking the trash can icon. As a best practice, we recommend that you delete expired certificates or any other certificate that you are confident you will not need again.

4U's SAML-Sense will prevent you from accidentally deleting a certificate that's currently in use.

Did this answer your question?