How to add or replace an x509 certificate for Azure Active Directory federations

Updated by Katy Harrison

Make sure you have followed the steps to set up a federation between Advanced Single Sign-on (ASSO) and Azure Active Directory first. See those steps here.

These steps will show you how to add an x509 certificate for your Azure Active Directory (Azure AD) federation or how to replace your current x509 certificate if your existing one is going to expire.

  1. In Azure AD, navigate to Enterprise applications in the left-hand navigation.
  2. Choose the Enterprise application that you want to require signature verification for.
  3. Select Single sign-on in the left-hand navigation.
  4. Within the SAML Certificates section, press download next to “Certificate (Base64)”.
  5. Navigate to the folder the certificate downloaded to, right-click the file and open it with Notepad. Delete the lines that read "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".

Place the cursor at the start of the second line of text and press Backspace so that it joins the line above. Repeat this for each of the remaining lines until the whole certificate is on a single line.

Before changes:

After changes:

Copy the text that is left in the file, as you will need it later.

  6. Head to MyWorkplace and navigate to Organisations, which can be located in Apps under System settings. Select the organisation that has the Azure AD federation configured.

Select the Federation tab, select the federation that you wish to configure if it already exists, and then select the Details tab within it.

  7. Make sure the following toggles are set to enabled:

✅ HTTP-POST binding response

✅ HTTP-POST binding for AuthnRequest

✅ Want assertions signed

✅ Validate signature

  8. Paste the value that you copied earlier into the text field and press save federation in the top right.
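The manual Notepad editing in step 5 is easy to get wrong (a stray line break or a leftover armour line means the signature validation toggle will reject every assertion). As an added example that is not part of the original article, the script below does the same conversion automatically and sanity-checks the result; the function names and the constructed sample certificate are assumptions for illustration, not real Azure AD output.

```python
import base64
import binascii


def looks_like_der_certificate(b64: str) -> bool:
    """Return True if the text is strict base64 whose decoded bytes start like a DER certificate."""
    try:
        der = base64.b64decode(b64, validate=True)  # rejects whitespace, armour lines and bad padding
    except (binascii.Error, ValueError):
        return False
    # A DER-encoded X.509 certificate is an ASN.1 SEQUENCE, whose first tag byte is 0x30.
    return len(der) > 2 and der[0] == 0x30


def pem_to_single_line(pem_text: str) -> str:
    """Strip the BEGIN/END armour and all line breaks (LF or CRLF) from a PEM certificate file.

    Produces the single-line value MyWorkplace expects in the federation Details text field.
    Raises ValueError if the result is not a plausible base64 DER certificate.
    """
    lines = [line.strip() for line in pem_text.splitlines()]
    body = [line for line in lines if line and not line.startswith("-----")]
    single_line = "".join(body)
    if not looks_like_der_certificate(single_line):
        raise ValueError("input is not a base64-encoded DER certificate")
    return single_line


# Constructed stand-in for a certificate: an ASN.1 SEQUENCE tag (0x30), a length byte and filler.
SAMPLE_DER = bytes([0x30, 0x0D]) + b"constructed!!"
SAMPLE_SINGLE_LINE = base64.b64encode(SAMPLE_DER).decode("ascii")
# Wrapped the way a downloaded "Certificate (Base64)" file looks, with Windows CRLF line endings.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + "\r\n".join(SAMPLE_SINGLE_LINE[i:i + 8] for i in range(0, len(SAMPLE_SINGLE_LINE), 8))
    + "\r\n-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    # Paste the printed value into the federation's certificate field.
    print(pem_to_single_line(SAMPLE_PEM))
```

To use it on a real download, replace SAMPLE_PEM with the contents of the file from step 4.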
