SAML: Replace an expired IdP certificate

Learn how to replace your IdP certificates so you can prevent service interruptions.

Who can use this?

Plans:

  • Enterprise
  • Smartsheet

Permissions:

  • System Admin

Find out if this capability is included in Smartsheet Regions or Smartsheet Gov.

Overview

When a security certificate is about to expire, your Smartsheet SAML configuration may become disabled.
Smartsheet automatically sends an email to System Admins on the plan at 45 days and five days prior to the certificate’s expiration date. To avoid service disruption, you must ensure that your Identity Provider (IdP) security certificates are valid and up-to-date.

Depending on your IdP, the certificate may be deactivated up to 30 days in advance.

Prerequisites

  • You need a new certificate generated from your IdP before you can replace your expiring IdP certificate and complete the rollover process discussed in this article. 
  • If you’re using the same EntityID as another Smartsheet plan, it’s possible you won’t see the edit option and you won't be able to edit the metadata. Have the System Admin of the other Smartsheet plan follow the steps in this article to update the metadata for everyone who is using it.
    • If you need to know who the System Admin on the other plan is, check with your IT team.
    • If they can't help, contact Smartsheet Support.

To replace an expired IdP certificate

It may take up to 10 minutes for the update to take effect.

  1. In Admin Center, select the Menu icon at the upper-left.
  2. Navigate to Settings > Authentication​.
  3. Select Manage federated SSO Options.

  4. In the Authentication form, select edit configuration. 

    Edit Security Controls
  5. In the SAML Administration ​form, select edit​ on the IdP that is about to expire. 

  6. In the Edit IdP ​form, select the Edit​ button next to the IdP Metadata.​

    edit IdP metadata
  7. Update the metadata with your new security certificate information and select Save​.