Renew your SAML certificate

SAML uses X.509 certificates to ensure the authenticity and integrity of information shared between your identity provider and your directory.

A SAML certificate is only valid for a period of time. You specify the lifespan of your SAML certificate in your identity provider. We notify you 30 days before your certificate expires and then after your certificate expires.

To renew your SAML certificate, check the renewal instructions in the support documents of your identity provider. Then you can add the certificate to your SAML configuration.

Add the renewed certificate to your SAML configuration

  1. From your organization at admin.atlassian.com, select Security > Identity providers.

  2. Select identity provider Directory.

  3. Select View SAML single sign-on.

  4. Select Edit SAML single sign-on.

  5. Add renewed SAML Public x509 Certificate.

  6. Save SAML configuration.

Learn more about SAML single sign-on

3 comments

Richard Blundell
Contributor
January 15, 2025

Hi, We've used SAML SSO for years with Jira.  Our SSO certificate is due to expire shortly so I need to update it with a new one.  Following the instructions above I cannot even find where our existing SAML SSO certificate is registered/set in the Atlassian account.  It just says something about "Atlassian Guard".  I don't want to have to buy any additional products or licences just to update our single existing certificate.  I just need to update the certificate and I don't need to change anything else.  How can I do this?  Note that I don't see an identity provider in the list named "Directory", but I suspect that is not what you meant in your instructions, above ("2. Select identity provider Directory").

Like Matthew Atia likes this
reuben_hollifield
Contributor
January 31, 2025

Hi @Richard Blundell

I followed the process above and was able to renew our SSO certificate, however, the terminology looked a little different.  Just to note, I am a Jira Admin and Organization Admin and we also have Atlassian Guard.  I don't think you have to have Atlassian Guard to have SSO, so it seems like this should be available for you if you are an Org Admin.  Here are the steps I took: 

  • Login to your organization at https://admin.atlassian.com/ 
  • Select the Security tab
  • Click on your identity provider (Azure, etc). 
  • You should then see a figure of how many synced users and groups you have for that provider. 
  • Click on View SAML configuration
  • Paste your new certificate into the Public x509 certificate section.  (I used the "Paste as plain text" option which seemed to work best here)
  • Click Save 

That worked for us and I hope this works for you! 

Like Richard Blundell likes this
Richard Blundell
Contributor
February 3, 2025

Thank you, @reuben_hollifield, I'll try that when I look at this next!

Like reuben_hollifield likes this

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events