Retrieve SAML metadata and certificates from the Settings page. Use the metadata and certificates with other systems for single sign-on capabilities.

Before Replacing SSL Certificates

If you replace an existing SSL certificate, this action changes the existing SAML metadata.


All single sign-on connections that depend on the existing SAML metadata break when the CSR generation creates the SAML metadata.


If you do replace an SSL certificate, you must update SaaS applications that you configure for mobile single sign-on with the latest certificate.

Download the Self-Signed SAML Metadata or Generate a CSR

Copy the SAML signing certificate, and copy and save the identity and service provider metadata. You can also generate a certificate signing request to apply for an SSL certificate from your certificate authority.

  1. Navigate to Apps & Books > Applications > Web > SaaS and select Settings.
  2. Select SAML Metadata > Download SAML Metadata and complete the tasks.

    Setting Description
    SAML Metadata

    Copy and save the Identity Provider metadata and the Service Provider metadata.

    Select the links and open a browser instance with the XML data.

    Configure your third-party identity provider with this information.

    Signing Certificate

    Copy the signing certificate that includes all the code in the text area.

    You can also download the certificate to save it as a TXT file.

  3. Select Generate CSR and complete the tasks for requesting a digital identity certificate (SSL certificate) from your certificate authority. This request identifies your company, domain name, and public key. The third-party certificate authority uses it for issuing the SSL certificate. To update the metadata, upload the signed certificate.

    Setting Description
    Enter a New Certificate Signing Request
    Common Name Enter the fully qualified domain name for the organization's server.
    Organization Enter the name of the company that is legally registered.
    Department Enter the department in your company that the certificate references.


    Enter the city where the organization is legally located.
    State / Province Enter the state or province where the organization legally resides.
    Country Enter the legal country of residence for the organization.
    Key Generation Algorithm Select an algorithm used to sign the CSR.
    Key Size

    Select the number of bits used in the key. Select 2048 or larger.

    RSA key sizes smaller than 2048 are considered insecure.

    Replace a Certificate Signing Request
    Certificate Signing Request

    Download the certificate signing request (CSR). Send the CSR to the third-party certificate authority.

    The third-party certificate authority sends you an SSL certificate.

    Upload SSL Certificate

    Upload the SSL certificate received from your third-party certificate authority.