Q&A: Managing SSO certificates on the PrivaSphere platform and keeping them up to date

This page helps you manage SSO login to PrivaSphere and keep your Azure AD validation certificates up to date on PrivaSphere.

During enrolment of the service, you will be given an SSO Management account on the PrivaSphere platform.

All SSO management takes place in the “SSO Admin Panel”. From here you can change the SSO login pictures and the certificates in use.

Q: How do I display my company logo during the SSO login process?

A: To showcase your company logo during the SSO login:

  • Look for the "Upload SSO images" section.
  • Click on “Choose image/svg...” and choose the desired image or SVG file (ensure its size is below 50KB). (1. in the image below)
  • Click on the "Upload" button. (2. in the image below)
  • All such administrative actions are logged in the administrators’ account security log.

We recommend using an SSO button image that relates to your “corporate identity” and/or contains text referring to “SSO”, “single-sign-on” or “MFA” (your IDP achieves that security level) or …

If you wish to change the existing logo:

  • Click on "Delete Picture".
  • Follow the aforementioned steps to upload a new one.

Your logo will be prominently displayed during the SSO login prompt, as well as under My Account > Login-Settings.

 

If an end-user already has a login and you chose not to let your IDP overrule pre-existing credentials, that user will have to activate SSO after having signed up to PrivaSphere:

Regular / recurring administrative actions

Q: What's the procedure to add certificates?

A: To add a certificate:

Click on "Choose cert...". (1. in the image below)

Your selected certificate will appear above the upload button, allowing you to review or delete any mistakenly added certificates prior to finalizing the upload. (2. in the image)

Q: Can I upload multiple certificates?

A: Absolutely. When implementing SSO, all uploaded certificates are cross-checked, and the appropriate certificate is utilized to authenticate users.

 

Q: What should I do if my certificate is nearing its expiration?

A: Once your certificate expires and is no longer used by your IDP, you can easily remove it. Furthermore, you can add a new certificate before your IDP actually starts using it, which gives a seamless rollover without requiring any action from the users.

Rollover certificates in Azure AD: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/tutorial-manage-certificates-for-federated-single-sign-on#customize-the-expiration-date-for-your-federation-certificate-and-roll-it-over-to-a-new-certificate

Please also mark expirations in your calendar; otherwise, one morning, your entire staff may no longer be able to log in.

Q: How do I oversee and manage my certificates?

A: A dedicated table beneath the upload button provides a comprehensive view of your certificates. It lists the certificate name, its expiration status, validity status, upload date and expiry date, and offers an issuer button that shows more details about the certificate. There is also an option to delete each certificate as needed. The expiry date is color-coded:

  • black – valid for more than 60 days
  • green – valid for more than 30 days but less than 60
  • yellow – valid for less than 30 days and will expire soon
  • red – has expired
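The calendar reminder and the color thresholds above can also be checked automatically. The script below is an added example, not part of PrivaSphere's documentation or code: it reads each certificate file (PEM or DER, one certificate per file), extracts notAfter and applies the 60/30-day thresholds. The function names, the file names in the usage comment, the exit-code convention and the rule that a rollover is due once every certificate is yellow or red are assumptions of this example.

```python
import base64, sys
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER element at pos -> (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(cert):
    """notAfter (UTC) of a single X.509 certificate given as PEM or DER bytes."""
    if b"-----BEGIN" in cert:
        lines = [l for l in cert.splitlines() if not l.startswith(b"-----")]
        cert = base64.b64decode(b"".join(lines))
    _, pos, _ = _tlv(cert, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(cert, pos)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert, pos)
    if tag == 0xA0:                      # optional [0] version field
        pos = end
    for _field in range(3):              # skip serialNumber, signature, issuer
        _, _, pos = _tlv(cert, pos)
    _, pos, _ = _tlv(cert, pos)          # validity SEQUENCE
    _, _, pos = _tlv(cert, pos)          # skip notBefore
    tag, start, end = _tlv(cert, pos)    # notAfter
    text = cert[start:end].decode("ascii")
    if tag == 0x17:                      # UTCTime: YY >= 50 means 19YY (RFC 5280)
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def color(expiry, now):
    """Color as in the table on this page; the exact 30/60-day edges are assumed."""
    days = (expiry - now).total_seconds() / 86400
    return "red" if days <= 0 else "yellow" if days < 30 else "green" if days < 60 else "black"

def review(certs, now=None):
    """certs: {name: PEM/DER bytes} -> ({name: (expiry, color)}, rollover_due)."""
    now = now or datetime.now(timezone.utc)
    rows = {n: (not_after(c), color(not_after(c), now)) for n, c in certs.items()}
    # Assumption of this example: rollover is due once no certificate is green/black.
    return rows, all(col in ("yellow", "red") for _, col in rows.values())

if __name__ == "__main__":  # usage: python check_sso_certs.py idp-old.cer idp-new.cer
    rows, due = review({p: open(p, "rb").read() for p in sys.argv[1:]})
    for name, (exp, col) in rows.items():
        print(f"{col:7} {exp:%Y-%m-%d} {name}")
    sys.exit(1 if due else 0)
```

Run from a scheduled job, a non-zero exit status signals that a new IDP certificate should be created and uploaded before the current one runs out.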

 

 

 

Q: How do I procure the Azure AD endpoints SAML certificate?

A: To retrieve the Azure AD endpoints SAML certificate:

 

----------

If your end-point URL changes or you want to serve additional sub-domains, please contact PrivaSphere support.