Applies to
- Enterprise
Capabilities
Who can use this capability
- System Admin
SAML: Replace an expired IdP certificate
Learn how to replace your IdP certificates so you can prevent service interruptions.
Who can use this?
Plans:
- Enterprise
- Smartsheet
Permissions:
- System Admin
Find out if this capability is included in Smartsheet Regions or Smartsheet Gov.
Overview
When a security certificate is about to expire, your Smartsheet SAML configuration may become disabled.
Smartsheet automatically sends an email to System Admins on the plan at 45 days and five days prior to the certificate’s expiration date. To avoid service disruption, you must ensure that your Identity Provider (IdP) security certificates are valid and up-to-date.
Depending on your IdP, the certificate may be deactivated up to 30 days in advance.
Prerequisites
- You need a new certificate generated from your IdP before you can replace your expiring IdP certificate and complete the rollover process discussed in this article.
- If you’re using the same EntityID as another Smartsheet plan, it’s possible you won’t see the edit option and you won't be able to edit the metadata. Have the System Admin of the other Smartsheet plan follow the steps in this article to update the metadata for everyone who is using it.
- If you need to know who the System Admin on the other plan is, check with your IT team.
- If they can't help, contact Smartsheet Support.
To replace an expired IdP certificate
It may take up to 10 minutes for the update to take effect.
- In Admin Center, select the Menu icon at the upper-left.
- Navigate to Settings > Authentication.
- Select Manage federated SSO Options.
In the Authentication form, select edit configuration.
Brandfolder Image- In the SAML Administration form, select edit on the IdP that is about to expire.
In the Edit IdP form, select the Edit button next to the IdP Metadata.
Brandfolder Image- Update the metadata with your new security certificate information and select Save.