Retrieve SAML metadata and certificates from the Settings page for single sign-on capabilities with SaaS applications.


If you replace an existing SSL certificate, this action changes the existing SAML metadata.
Important: All single sign-on connections that depend on the existing SAML metadata break when the CSR generation creates the SAML metadata.
Note: If you do replace an SSL certificate, you must update SaaS applications that you configure for mobile single sign-on with the latest certificate.


  1. Navigate to Resources > Apps > SaaS and select Settings.
  2. Select SAML Metadata > Download SAML Metadata and complete the tasks.
    Setting Description
    SAML Metadata Copy and save the Identity Provider metadata and the Service Provider metadata.

    Select the links and open a browser instance with the XML data.

    Configure your third-party identity provider with this information.

    Signing Certificate Copy the signing certificate that includes all the code in the text area.

    You can also download the certificate to save it as a TXT file.

  3. Select Generate CSR and complete the tasks for requesting a digital identity certificate (SSL certificate) from your certificate authority.
    This request identifies your company, domain name, and public key. The third-party certificate authority uses it for issuing the SSL certificate. To update the metadata, upload the signed certificate.
    Setting - New Certificate Description
    Common Name Enter the fully qualified domain name for the organization's server.
    Organization Enter the name of the company that is legally registered.
    Department Enter the department in your company that the certificate references.
    City Enter the city where the organization is legally located.
    State / Province Enter the state or province where the organization legally resides.
    Country Enter the legal country of residence for the organization.
    Key Generation Algorithm Select an algorithm used to sign the CSR.
    Key Size Select the number of bits used in the key. Select 2048 or larger.

    RSA key sizes smaller than 2048 are considered insecure.

    Setting - Replace a Certificate Setting
    Upload SSL Certificate Upload the SSL certificate received from your third-party certificate authority.
    Certificate Signing Request Download the certificate signing request (CSR). Send the CSR to the third-party certificate authority.