If the certificate used for single sign-on (SSO) to Keepit is going to expire soon, you will need to renew it. We recommend renewing certificates prior to the expiration date to avoid downtime with single sign-on. 

However, if your certificate expires before you have had a chance to update it in the Keepit configurations, then the SSO Admin will be able to access the SSO configurations and update the certificate. 

To renew the certificate, please follow the steps below:

  1. In the Entra ID portal, navigate to the Enterprise application you created for SSO.
  2. In the application's left-hand navigation menu, select Single sign-on.
  3. In the SAML Signing Certificate box, click the pencil icon to manage your certificate.
  4. Click + New Certificate, choose a duration of up to 3 years, and then click Save.
  5. Click the more options (three dots) icon to the right of the newly created certificate, and select Make certificate active. This will roll over your existing certificate into the newly created certificate.
  6. Download the new certificate, copy the text excluding the begin and end markers, and paste it into the SSO configurations in Keepit.

Note: Rolling over the certificate in Entra ID and configuring it in your app may cause downtime. Please account for potential downtime when performing the steps above.

Click the following link for more information: Manage certificates for federated single sign-on