Everything you need to know to avoid service disruption during SSO certificate expiration.
Q1: Why am I seeing a warning about certificate expiry in the app?
ANS: The warning banner indicates that the miniOrange SAML SSO app certificate used for authentication of SAML Request is nearing its expiration. This certificate is essential for secure communication between the miniOrange app and your Identity Provider (IdP).
Q2: Will this expiry affect my SSO functionality?
ANS: If your current app SP certificate is configured in your IdP, then Yes SSO will stop working once the certificate expires. To avoid disruption, we recommend updating your SP certificate before expiry. If it’s not configured, there’s nothing to worry about.
Q3: What should I do if I’ve configured the current SP certificate in my IdP?
ANS: You have two options:
- Generate a new SP certificate from the app and share the new metadata or public certificate with your IdP team to update the configuration.
- Wait for our upcoming plugin release, which will include a new certificate, but ensure your IdP is updated accordingly after the release.
Q4: How can I generate a new SP certificate manually?
ANS: Navigate to the app’s Certificates tab and click on Generate Certificate . Enter the following details to generate the new certificate.
After generating it, download the metadata or public certificate and provide it to your IdP team.
➡️ Refer this guide: Update SAML Certificate - miniOrange Plugin
Q5: Will regenerating a certificate affect my current SSO setup?
ANS: Yes, once the new certificate is generated, your IdP must be updated with the new public key to ensure SSO continues to function seamlessly.
Q6: When is the new app release coming? Will it update the certificate automatically?
ANS: The app is released a week prior to the date of certificate expiration. The upcoming app release will include a new SP certificate. No, the certificates will not be updated automatically. You will need to follow the necessary steps provided in the updated banner to complete the certificate update. Additionally, your IdP must be updated with the new metadata or public certificate to ensure SSO continues to work after the update.
Q7: I use multiple environments (Dev, QA, Prod). Do I need to update the certificate across all of them?
ANS: Yes, if each environment has its own SP certificate configured with the IdP, you’ll need to update the certificate in each environment individually.
Q8: Will I get notified again after the new release?
ANS: Yes, the app will display an updated banner after the release and it includes the necessary steps to complete the certificate update.
Q9: Who should I contact if I need help updating the certificate?
ANS: You can reach out to the miniOrange support team via the Support tab in the plugin or write to us at atlassiansupport@xecurify.com.
Q10: What are the details I need to gather before generating new certificates?
ANS: You need to provide the following details when generating custom certificates so the IdP can identify and trust your SP.
To verify your current certificate details, You can view your generated certificates, in the SP Information tab.
Q11: Is this certificate update required only for certain Identity Providers (IdPs), or is it applicable to all?
ANS: The certificate update is applicable to all Identity Providers (IdPs) that are configured to use the SP certificate from the miniOrange app.
If your IdP setup includes uploading the app’s metadata or manually adding the SP certificate, you will need to update it once a new certificate is generated or released—regardless of the IdP you’re using.
This ensures continued SSO functionality without any disruption.
