Easily create, delete, and rotate the X.509 certificates used with SAML apps
What’s new: SAML uses X.509 certificates to ensure the authenticity and integrity of messages shared between an Identity Provider (IdP) and Service Provider (SP). These certificates are associated with your SAML applications when you first install them via the Admin console and have a five-year lifetime. When a certificate expires, a user can’t sign in to the associated application using SAML-based SSO.
To change an application’s existing certificate (e.g. because it’s about to expire or has been compromised in some way), an admin needs to “rotate” it. Traditionally, you could do this with help from Google Support. With this launch, we’re giving you the ability to do so on your own in the Admin console, where you can easily view certificates in use, identify those about to expire, create new ones, and assign them to applications.
Please note that only super admins will be able to view the expiration status of SAML certificates and take action on them.