Updating SSO Metadata

After you’ve enabled SSO in production, you might want to update the SSO metadata.

Reasons for updating the metadata include:

• The identity provider or service provider certificate has expired.

• The identity provider or provider key has been compromised.

• The identity provider URL endpoints need to be updated.

If any of these reasons applies, then:

1. Schedule an update of the SSO metadata in advance, because it requires an outage.
2. Disable SSO using Disable SSO.
3. Update the identity provider or service provider metadata as needed.
4. Test the configuration, as described in Testing SSO.
5. After testing shows that SSO is working correctly, reenable SSO by clicking Enable SSO as described in Enabling SSO.