Most Single Sign-On (SSO) certificates expire and must be renewed at some point. Because Slate references your metadata from a publicly available URL, your IT team or SSO manager can update the certificate without assistance from Technolutions.
SSO works based on a trust relationship between:
- An application (the service provider)
- An identity provider
This trust relationship is usually based on a certificate exchanged between the identity provider and the service provider. The certificate is used to sign identity information sent from the identity provider to the service provider, so that the service provider knows it is coming from a trusted source. The certificate used must match your SAML response.
Most identity providers can include multiple active certificates in the metadata, so you can add your new certificate before the existing certificate expires. This ensures that Slate has access to the necessary certificates when the switch is made by the identity provider.
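
To check a rollover before the identity provider switches, you can compare the signing certificates published in the metadata with the certificate embedded in a SAML response. The Python below is an added example, not Slate or Technolutions code; the function names, the `idp.example.edu` entity ID and the stand-in certificate strings are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample data: these strings stand in for real base64 DER certificates.
OLD = base64.b64encode(b"constructed old signing certificate").decode()
NEW = base64.b64encode(b"constructed new signing certificate").decode()

def fingerprint(cert_b64):
    """SHA-256 of the decoded certificate; whitespace in the base64 is ignored."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def metadata_signing_fingerprints(metadata_xml):
    """Fingerprints of every certificate the IdP metadata publishes for signing."""
    prints = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute covers signing and encryption.
        if kd.get("use", "signing") == "signing":
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                if cert.text:
                    prints.add(fingerprint(cert.text))
    return prints

def response_cert_in_metadata(response_xml, metadata_xml):
    """True if the certificate embedded in the response signature is published in
    the metadata. Certificate match only; this does not validate the signature."""
    cert = ET.fromstring(response_xml).find(".//ds:Signature//ds:X509Certificate", NS)
    if cert is None or not cert.text:
        return False
    return fingerprint(cert.text) in metadata_signing_fingerprints(metadata_xml)

def key_info(cert_b64):
    return ('<ds:KeyInfo xmlns:ds="%s"><ds:X509Data><ds:X509Certificate>%s'
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo>' % (NS["ds"], cert_b64))

def sample_metadata(certs):
    keys = "".join('<md:KeyDescriptor use="signing">%s</md:KeyDescriptor>'
                   % key_info(c) for c in certs)
    return ('<md:EntityDescriptor xmlns:md="%s" entityID="https://idp.example.edu">'
            '<md:IDPSSODescriptor>%s</md:IDPSSODescriptor></md:EntityDescriptor>'
            % (NS["md"], keys))

def sample_response(cert_b64):
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<ds:Signature xmlns:ds="%s">%s</ds:Signature></samlp:Response>'
            % (NS["ds"], key_info(cert_b64)))
```

With both certificates published, `response_cert_in_metadata(sample_response(NEW), sample_metadata([OLD, NEW]))` returns `True`; against `sample_metadata([OLD])` it returns `False`, which is the mismatch that publishing the new certificate ahead of the switch avoids.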