SAML signing certificates ensure that messages are coming from the expected identity and service providers. The SAML certificate is used to sign SAML requests, responses, and assertions from the service to relying applications, such as WebEx or Google Apps.
The SAML Metadata page displays from the Catalog > Settings tab. The SAML signing certificate is displayed. Links for the SAML Identity Provider and Service Provider metadata files are also available from this page. The metadata includes configuration information and the certificates.
A self-signed certificate is automatically created in the Workspace ONE Access service for SAML signing. If your organization requires a certificate from a certificate authority, you can generate a Certificate Signing Request (CSR) from the Workspace ONE Access console and use the CSR for generating a certificate. When you receive the signed certificate, you upload the certificate to the Workspace ONE Access service, replacing the self-signed certificate. The SAML signing certificate and the SAML metadata files are updated with the new certificate.