Skip to main content

SAML certificate management

Note

Only owners of Enterprise organizations can manage SAML certificates.

The SSO setup page lets you manage your service provider (SP) certificates. You can activate, deactivate, copy, or download your SP certificates.

Make provides a new certificate when your active SP certificate is close to expiring. Email notifications let you know when it's time to rotate your certificates.

Rotate service provider certificates

To maintain the security of your SSO setup, Make supports service provider (SP) certificate rotation on a 3-year basis. When your SP certificate is 90 days from expiring, Make provides a new certificate and sends you an email. Rotate your certificate before it expires to avoid login failure. You can see when your certificate expires by looking under the Expires column of the Service Provider Certificates section of your SSO setup.

You can activate your new certificate and copy or download it with the following steps:

  1. Log in to your Make account.

  2. Go to the SSO section of your organization dashboard.

  3. Under SSO configuration, find your Service Provider Certificates.

  4. Find your new certificate. Refer to the Valid from and Expires dates if you are unsure.

  5. On the right side of the row for your new certificate, click Activate.

  6. A popup asks you to confirm activation. Click Activate.

    Tip

    Any logged-in users stay logged in after you click Activate.

  7. Next to Activate, click chevron.png.

  8. Select Copy or Download based on how you need to enter your certificates in your identity provider.

  9. Go to your identity provider and update your service provider certificate. If you use Okta, refer to our implementation tutorial for details.

Your service provider certificate is up to date. If you have more than one active certificate, Make deactivates the certificate that expires first. You can check the Expires column to see when your certificates expire.

Caution

Only click Save if you make other changes to your setup. Clicking Save:

  • Is not required to activate and rotate your certificate.

  • Immediately logs out all organization members.

Activate a certificate

You can see which certificates are active by looking in the Status column.

activeStatus.png means the certificate is in use in your SAML SSO configuration. No further action required.

inactiveStatus.png means the certificate is not used in your SAML SSO configuration. Make automatically deactivates certificates that expire as long as you have another valid active certificate.

To activate a certificate:

  1. Log in to your Make account.

  2. Go to the SSO section of your organization dashboard.

  3. Under SSO configuration, find your Service Provider Certificates.

  4. Find the certificate in the list.

  5. Under Actions, click Activate.

  6. A popup asks you to confirm activation. Click Activate.

    Tip

    Any logged-in users stay logged in after you click Activate.

A confirmation message appears in the lower right corner for a few seconds. Under the Status column, activeStatus.png appears. No further action is required.

Caution

Only click Save if you make other changes to your setup. Clicking Save:

  • Is not required to activate your certificate.

  • Immediately logs out all organization members.

Deactivate a certificate

Warning

At least one certificate must be active.

You can only deactivate a certificate if there is another active certificate. This prevents accidental deactivation of your only active certificate.

If you have more than one active certificate, Make deactivates the older certificate for you when it expires. Don't worry, Make won't deactivate your only active certificate.

To deactivate a certificate:

  1. Log in to your Make account.

  2. Go to the SSO section of your organization dashboard.

  3. Under SSO configuration, find your Service Provider Certificates.

  4. Find the certificate in the list.

  5. Under Actions, click Deactivate.

A confirmation message appears in the lower right corner for a few seconds. Under the Status column, inactiveStatus.png appears.

Copy a certificate

If your identity provider (IdP) lets you paste your service provider (SP) certificates into your setup, you can copy your SP certificate into your clipboard.

  1. Log in to your Make account.

  2. Go to the SSO section of your organization dashboard.

  3. Under SSO configuration, find your Service Provider Certificates.

  4. Find the certificate in the list.

  5. On the right side of the row for your certificate, click chevron.png.

  6. Select Copy.

Your SP certificate is copied to your clipboard and ready to paste into your IdP setup.

Download a certificate

If your identity provider (IdP) lets you upload your service provider (SP) certificates into your setup, you can download your SP certificate as a .pem file.

  1. Log in to your Make account.

  2. Go to the SSO section of your organization dashboard.

  3. Under SSO configuration, find your Service Provider Certificates.

  4. Find the certificate in the list.

  5. On the right side of the row for your certificate, click chevron.png.

  6. Select Download.

Your browser downloads your SP certificate as a .pem file. You can find it in your downloads folder.

In this section: