Managing SP Certificates for Web SSO

SAML certificates are used to confirm the authenticity and integrity of messages exchanged between Service Providers/SPs (web applications) and the Identity Provider/IdP (Imprivata Web SSO). Each side signs its SAML messages with its own private key; the certificate it publishes is the public half that the other side uses to verify those signatures.

These certificates are included within the SAML metadata files exchanged between the IdP and SP during initial WebSSO setup.

When either the SP certificate or the IdP certificate expires, your end users will no longer be able to log in to the SP applications you have enabled for Imprivata Web SSO. Replacing the expired certificate restores access with Imprivata Web SSO.

If the IdP certificate is expiring, see Managing the Imprivata IdP Certificate for WebSSO.

SP Certificate Expiring

When the SAML SP certificate is expiring for a web app enabled for Web SSO, you will receive an alert on the Imprivata Admin Console beginning 90 days before it expires. The alert includes the date of expiry.

An email notification is also sent to the administrator 90 days, 60 days, and 30 days before the SP certificate expires, then every day during the last week before it expires, and after the certificate has expired as well.

Acquire New Certificate from Web App

Acquire a new certificate from the web app and provide it to your Imprivata enterprise as described below.

Refer to the Imprivata Help topic for the web app for details on how the web app provides its SP metadata (which contains the new certificate) for the IdP: either as a downloadable XML file or as a metadata URL.

After you have downloaded the XML file or copied the URL, continue to the next section.

Replace Metadata

  1. On the Imprivata Admin Console, go to Applications > Single sign-on application profiles.

  2. Click Edit Profile for the SAML application.

  3. Click Replace metadata at the top of the page (or in the section Service provider (SP) metadata).

  4. In the Get SAML metadata window, browse to the XML file you downloaded earlier, or paste the URL, and click OK.

  5. Click Save.

  6. Return to the Imprivata Admin Console. The alert should no longer be displayed.
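Before uploading the replacement metadata in step 4, it is worth confirming that the file or URL you obtained actually carries a certificate that outlives the current one, and that no other certificate in the metadata is about to trigger the same 90-day alert. The script below is an added example, not Imprivata code: it pulls every X509Certificate out of the SPSSODescriptor in SAML SP metadata, reads notAfter with a minimal DER walker (standard library only), classifies each certificate against the 90-day warning window, and compares current and replacement metadata. The metadata and certificate blobs it runs on are constructed in the script (the entityID https://sp.example.test/saml is hypothetical, and the certificate-shaped DER is unsigned and only exercises the parser).

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _parse_time(tag, raw):
    s = raw.decode("ascii")
    if tag == 0x17:                         # UTCTime YYMMDDHHMMSSZ; RFC 5280 century rule
        yy = int(s[:2])
        s = str(2000 + yy if yy < 50 else 1900 + yy) + s[2:]
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def certificate_not_after(der):
    """Walk Certificate -> tbsCertificate -> validity and return notAfter."""
    _, cert, _ = _read_tlv(der, 0)
    _, tbs, _ = _read_tlv(cert, 0)
    tag, _, pos = _read_tlv(tbs, 0)         # explicit [0] version, or serialNumber if absent
    if tag == 0xA0:
        _, _, pos = _read_tlv(tbs, pos)     # serialNumber
    _, _, pos = _read_tlv(tbs, pos)         # signature AlgorithmIdentifier
    _, _, pos = _read_tlv(tbs, pos)         # issuer Name
    _, validity, _ = _read_tlv(tbs, pos)    # validity SEQUENCE { notBefore, notAfter }
    _, _, after_pos = _read_tlv(validity, 0)
    tag, not_after, _ = _read_tlv(validity, after_pos)
    return _parse_time(tag, not_after)


def sp_certificates(metadata_xml):
    """Yield (use, notAfter) for each certificate under SPSSODescriptor/KeyDescriptor."""
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute applies to both signing and encryption.
        use = kd.get("use") or "signing+encryption"
        for cert in kd.iterfind("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            yield use, certificate_not_after(der)


def expiry_report(metadata_xml, now, warn_days=90):
    """Classify each SP certificate as ok / expiring (within warn_days) / expired."""
    rows = []
    for use, not_after in sp_certificates(metadata_xml):
        days = (not_after - now).days
        status = "expired" if days < 0 else "expiring" if days <= warn_days else "ok"
        rows.append({"use": use, "not_after": not_after.isoformat(),
                     "days_left": days, "status": status})
    return rows


def replacement_is_newer(old_xml, new_xml):
    """True when the replacement metadata's latest-expiring certificate outlives the current one."""
    latest = lambda xml: max(na for _, na in sp_certificates(xml))
    return latest(new_xml) > latest(old_xml)


# --- constructed sample data so the example runs offline (not real SP output) ---
def _der(tag, content):
    n = len(content)
    if n < 128:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def make_sample_certificate(not_before, not_after):
    """Unsigned, certificate-shaped DER with only the fields the walker visits."""
    t = lambda d: _der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
           + _der(0x30, b"") + _der(0x30, t(not_before) + t(not_after))
           + _der(0x30, b"") + _der(0x30, b""))
    return _der(0x30, _der(0x30, tbs) + _der(0x30, b"") + _der(0x03, b"\x00"))


def make_sample_metadata(cert_der, use=None):
    """Constructed SP metadata for a hypothetical entityID, shaped like a web app export."""
    use_attr = f' use="{use}"' if use else ""
    b64 = base64.b64encode(cert_der).decode()
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="https://sp.example.test/saml">'
            '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'<md:KeyDescriptor{use_attr}><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            '</md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>')


if __name__ == "__main__":
    now = utc(2024, 6, 1)
    current = make_sample_metadata(make_sample_certificate(utc(2023, 6, 1), utc(2024, 7, 15)), "signing")
    replacement = make_sample_metadata(make_sample_certificate(utc(2024, 5, 1), utc(2027, 6, 1)))
    print(expiry_report(current, now))            # signing cert, 44 days left: expiring
    print(expiry_report(replacement, now))        # no 'use' attribute: signing+encryption, ok
    print(replacement_is_newer(current, replacement))
```

To run it against real metadata, read the XML you downloaded (or fetched from the metadata URL) into `expiry_report` with `now=datetime.now(timezone.utc)`; a replacement whose `replacement_is_newer` result is False is the wrong file, and uploading it in step 4 would clear nothing.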