SAML: Replace/Renew an Expired IdP Certificate

When a security certificate is about to expire, your Smartsheet SAML configuration may become disabled. Smartsheet will automatically send an email to System Admins on the account at 45 days and 5 days prior to the certificate’s expiration date. To avoid service disruption, you’ll need to make sure that your Identity Provider (IdP) security certificates are valid and up to date. 

NOTES: Depending on your IdP, the certificate can become disabled up to 30 days in advance. 

Before You Begin: Requirements

Before you can replace your expiring IdP certificate and complete the rollover process discussed in this article, you’ll need to have a new certificate generated from your IdP. 

NOTE: If you’re using the same EntityID as another Smartsheet account, it’s possible you won’t see the edit option and you won't be able to edit the metadata. In this case, have the System Admin of the other Smartsheet account follow the steps in this article to update the metadata for everyone who is using it. If you need to know who the System Admin on the other account is, check with your IT team. If they can't help, contact Smartsheet Support.

Replace Expired IdP Certificate

1. Select Account > Account Admin > Security Controls​.
   
2. In the Security Controls form, click Edit​ in the Authentication section.
3. Select Edit Configuration. 
4. In the SAML Administration ​form, click Edit​ on the IdP that is about to expire. 
5. In the Edit IdP ​form, click the Edit​ button next to the IdP Metadata.​
   
6. Update the metadata with your new security certificate information and click Save​.
   
   NOTE: It may take up to 10 minutes for the update to take effect.