For application connections that are multiplexed, or are manually configured customer connections, the PingOne SSO for SaaS Apps universal certificate is the primary and renewal certificate, used for both verification and encryption. In these cases, when notified, you need to update the PingOne universal certificate.

Check the Dashboard in the PingOne SSO for SaaS Apps admin portal to see whether a certificate is due to expire. PingOne SSO for SaaS Apps will also send you an email notifying you when the universal certificate is nearing expiration.

  1. For manually configured customer connections, to update the PingOne SSO for SaaS Apps universal certificate:
    1. In the PingOne SSO for SaaS Apps admin portal, go to the Customer Connections, select the application and click Details > Edit.
    2. For Verification Certificate, click the dropdown list and select the Renewal Certificate.
    3. Optional: If you choose to download the PingOne SSO for SaaS Apps metadata, the updated PingOne SSO for SaaS Apps (Renewal) certificate and Encryption certificate is included in the metadata file.
    4. Optional: You can also choose to separately download any of the certificates:
      • Existing (expiring) Verification certificate
      • New Renewal certificate
      • New Encryption certificate
    5. Click to Save your changes.
  2. For all other multiplexed applications, select to update each application that uses multiplexing and update the certificate. See Adding or updating a SAML-enabled application for instructions.