SAML: Replace/Renew an Expired IdP Certificate

When a security certificate is about to expire, your Smartsheet SAML configuration may become disabled. Smartsheet will automatically send an email to System Admins on the account at45 days and 5 daysprior to the certificate’s expiration date. To avoid service disruption, you’ll need to make sure that your Identity Provider (IdP) security certificates are valid and up to date.

NOTES: Depending on your IdP, the certificate can become disabledup to 30 daysin advance.

Before You Begin: Requirements

Before you can replace your expiring IdP certificate and complete the rollover process discussed in this article, you’ll need to have a new certificate generated from your IdP.

NOTE: If you’re using the same EntityID as another Smartsheet account, it’s possible you won’t see the edit option and you won't be able to edit the metadata. In this case, have the System Admin of the other Smartsheet account follow the steps in this article to update the metadata for everyone who is using it. If you need to know who the System Admin on the other account is, check with your IT team. If they can't help, contact Smartsheet Support.

Replace Expired IdP Certificate

1. SelectAccount > Account Admin > Security Controls.
   
2. In the Security Controls form, clickEditin theAuthenticationsection.
3. SelectEditConfiguration.
4. In the SAML Administration form, clickEditon the IdP that is about to expire.
5. In the Edit IdP form, click theEditbutton next to the IdP Metadata.
   
6. Update the metadata with your new security certificate information and clickSave.
   
   NOTE: It may takeup to 10 minutesfor the update to take effect.