idgard Single-Sign-On (SSO): How do I update an IdP-certificate?

As an idgard corporate customer with an active idgard SSO configuration, it is your responsibility to monitor the expiry dates of the certificates needed to access idgard via SSO.

If the IdP certificate expires, please send us the new metadata.xml to support@idgard.com three weeks before the certificate expires.

Please note

1.  If the certificate is about to expire and you need to generate a new one, please check that the metadata.xml file contains both the old and the new certificate!
   
2. Even if you only change one of the two certificates (signing certificate and/or the encryption certificate), please make sure that you send us the updated metdata.xml file!

Service interruption

1. If you decide to update the certificates without informing us or without sending us the updated metadata.xml file three weeks before the expected change, we cannot accept responsibility for any SSO service interruptions on your end.
   

Support from Professional Services

1. If you need help updating SAML SSO settings or configuring an additional staging instance to practice with SAML SSO, you can request Professional Services support and assign a dedicated PS technician to work with you. 
2. We recommend an additional staging instance if, for example, you change your IDP, i.e. migrate, etc. If required, please contact your idgard representative to discuss this option with you.
   

How to export the metadata.xml file from your respective IDP?

Here are some instructions on how to export the metadata file:

• AFDS onprem

  • Download the FederationMetadata.xml file from your AD FS server.

    Log in to Windows Server > open Server Manager > click Tools > click AD FS Management > expand Service and select the Endpoints node.

• Oracle Identity Cloud Service

  • Administering Oracle Identity Cloud Service

• Azure AD

  • Azure AD SAML 2.0 Metadaten abrufen

• Okta

  • Okta Help Center (Lightning)

• Related Articles

• How do I get support?

  If you have a problem or question about idgard, please browse our extensive Service Center first - most of the time this will already solve the problem or answer your question. However, if you were not able to solve the problem and need further ...

• Reporting illegal content

  The Digital Services Act (DSA) is an important tool for reporting problematic or harmful content in the digital space. It allows users to report potential violations of the DSA, helping to create a safer and more responsible online environment. Here ...

• What are the restrictions for filenames, folder names and dataroom names?

  The following restrictions apply to filenames, folder names and dataroom names in idgard: Characters not allowed: *, /, \, ?, :, <, >, ^, ", &, | Names must not end with a dot. This restriction exists because Windows does not support folder names ...