ADFS Certificate autoenrollment

Hello, guys.
Just curious, what will happen when my ADFS certificate autoenrolls for a new one upon certificate expiration? Will I be able to log in? Or will the whole team be locked out due to the certificate mismatch? How can I avoid this?

Hi! @aleksandr.ivanov
Great question :smiley: Without taking action beforehand, autoupdating certificates will lock you out. It is possible to mitigate this, though.

Are you given a certificate autoupdate date that you can prepare for? If so, to mitigate being locked out you can disable the SSO integration before this happens. Re-upload your new certificate and then re-enable the SSO integration.

Another option is, if you are logged in as the owner of the account when the certificate expires, and the configurable SSO Session Expiry time has not yet passed, then you should still be able to access the account, without having to re-authenticate with ADFS. With that you can disable SAML to re-upload your certificate.

Of course, the prerequisite to being able to enable/disable/upload certificates is that you have access to the account with Owner Role. If, though, you are locked out, then you can get in touch with us in Support at any time, and we can get SAML disabled for you.

Well, looks like the best way to do this is to disable auto enrollment and put a trigger on monitoring. Enroll it, then update ASAP on the SSO page.
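
Added example (not part of the thread and not the vendor's code): a PowerShell check that could serve as the monitoring trigger mentioned in the post above. It assumes "auto enrollment" refers to AD FS `AutoCertificateRollover` of the token-signing certificate used for SAML; `$WarnDays` and the exit-code convention are illustrative choices.

```powershell
# Added example: run on the primary AD FS server (requires the ADFS module).
# $WarnDays is a hypothetical threshold; tune it to your change window.
param([int]$WarnDays = 30)

Import-Module ADFS -ErrorAction Stop

# Is AD FS allowed to generate and promote new certificates on its own?
$props = Get-AdfsProperties
if ($props.AutoCertificateRollover) {
    Write-Warning "AutoCertificateRollover is enabled; AD FS will switch signing certificates by itself."
    # To take manual control, as suggested in the post above:
    # Set-AdfsProperties -AutoCertificateRollover $false
}

# List every token-signing certificate with its remaining lifetime.
$now = Get-Date
$report = Get-AdfsCertificate -CertificateType Token-Signing | ForEach-Object {
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        IsPrimary  = $_.IsPrimary
        NotAfter   = $_.Certificate.NotAfter
        DaysLeft   = [int][math]::Floor(($_.Certificate.NotAfter - $now).TotalDays)
    }
}
$report | Sort-Object NotAfter | Format-Table -AutoSize

# Trigger 1: the certificate currently used for signing is close to expiry.
$expiring = @($report | Where-Object { $_.IsPrimary -and $_.DaysLeft -le $WarnDays })
# Trigger 2: a secondary certificate exists, i.e. a replacement has been
# created and the SSO page will need it once it becomes primary.
$pending = @($report | Where-Object { -not $_.IsPrimary })

if ($expiring.Count -gt 0) {
    Write-Warning "Primary token-signing certificate expires within $WarnDays days."
}
if ($pending.Count -gt 0) {
    Write-Warning "Secondary token-signing certificate present; plan the update on the SSO page."
}

# Non-zero exit code lets a scheduler or monitoring agent raise the alert.
if ($expiring.Count -gt 0 -or $pending.Count -gt 0) { exit 1 } else { exit 0 }
```

Scheduled daily, this gives advance notice of an expiring primary certificate and flags any replacement certificate that has not yet been uploaded on the SSO side.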

@aleksandr.ivanov That also sounds like a good option. Remember you’re always welcome to get in touch with us if you do get locked out. We’re happy to help at: