When your self-signed SAML signing certificate expires, you must regenerate the signing certificate in the Workspace ONE Access console and reconfigure all SAML service provider and identity provider configurations with the updated SAML metadata files.
Take a snapshot of your Workspace ONE Access virtual appliance, connectors, and database before you update the SAML metadata.
- In the Workspace ONE Access console Catalog tab, select Web Apps > Settings > SAML Metadata.
- To confirm that the certificate has expired, open the Service Provider metadata file and the Identity Provider metadata file and verify that the validUntil date has passed.
- To create a new self-signed certificate, in the Signing Certificate section on the SAML Metadata page, click REGENERATE.
The self-signed certificate is regenerated and the Service Provider and Identity Provider metadata is updated. Open the files to view the updated validUntil date.
- On the Identity & Access Management tab, go to the Connectors page and click Refresh Metadata for each connector to update the connectors with the regenerated metadata.
What to do next
Make the SAML metadata available to the third-party identity provider instances. On the SAML Metadata page, copy and save the service provider and identity provider metadata files. Reconfigure your SAML service provider and identity provider configurations with the updated SAML metadata files.
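The validUntil check from the procedure, plus a check that a third party's stored copy of the metadata carries the regenerated signing certificate, can be scripted against the saved files. This is an added example, not VMware code: the function names, the sample metadata, the entityID and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def inspect_metadata(xml_text, now=None):
    """Return (validUntil, expired, SHA-256 fingerprints of signing certs)."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    # validUntil can sit on the root or on a nested EntityDescriptor.
    raw = next((e.get("validUntil") for e in root.iter() if e.get("validUntil")), None)
    valid_until = None
    if raw:
        valid_until = datetime.fromisoformat(raw.replace("Z", "+00:00"))
        if valid_until.tzinfo is None:  # assumption: naive timestamps are UTC
            valid_until = valid_until.replace(tzinfo=timezone.utc)
    prints = set()
    for kd in root.iter(MD + "KeyDescriptor"):
        if kd.get("use") in (None, "signing"):  # no "use" covers signing too
            for cert in kd.iter(DS + "X509Certificate"):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.add(hashlib.sha256(der).hexdigest())
    expired = valid_until is not None and valid_until <= now
    return valid_until, expired, prints

def partner_is_current(console_xml, partner_xml):
    """True when every signing cert the partner trusts is in the console metadata."""
    ours = inspect_metadata(console_xml)[2]
    theirs = inspect_metadata(partner_xml)[2]
    return bool(theirs) and theirs <= ours

def sample(valid_until, cert_bytes):
    """Constructed metadata; cert_bytes is a placeholder, not a real certificate."""
    b64 = base64.b64encode(cert_bytes).decode()
    return (
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"'
        f' entityID="https://access.example.test/idp" validUntil="{valid_until}">'
        '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
        f'<X509Data><X509Certificate>{b64}</X509Certificate></X509Data></KeyInfo>'
        '</KeyDescriptor></IDPSSODescriptor></EntityDescriptor>'
    )

EXPIRED = sample("2024-06-01T00:00:00Z", b"constructed-old-cert")
REGENERATED = sample("2034-06-01T00:00:00.000Z", b"constructed-new-cert")
```

Pass the metadata saved from the SAML Metadata page as `console_xml` and the copy a third-party service provider or identity provider still holds as `partner_xml`; a `False` result marks a configuration that has not yet been updated.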