SAML uses X.509 certificates to ensure the authenticity and integrity of messages shared between an Identity Provider (IdP) and Service Provider (SP). These certificates are associated with your SAML applications when you first install them via the Admin console and have a five-year lifetime. When a certificate expires, a user can’t sign in to the associated application using SAML-based SSO.
To change an application’s existing certificate (e.g. because it’s about to expire or has been compromised in some way), an admin needs to “rotate” it. Traditionally, you could do this with help from Google Support. Today, we’re giving you the ability to do so on your own in the Admin console, where you can easily view certificates in use, identify those about to expire, create new ones, and assign them to applications.
Please note that only super admins will be able to view the expiration status of SAML certificates and take action on them.
To learn more about SAML certificate rotation and how to manage certificates, please visit the Help Center.
Launch Details
Release track: Launching to both Rapid Release and Scheduled Release
Editions: Available to all G Suite editions
Rollout pace: Gradual rollout (up to 15 days for feature visibility)
Impact: Admins only
Action: Admin action suggested/FYI
More Information
Help Center: Using SAML to set up federated SSO
Help Center: Maintain SAML certificates
Launch release calendar
Launch detail categories