Manage SAML Certificates for Identity Providers

To establish a trust relationship between Cisco Secure Access (service provider) and an integrated SAML identity provider (IdP), certificates are exchanged between Secure Access and the SAML IdP. An administrator uploads the service provider's certificates from the Secure Access XML Metadata to the IdP platform's trust store. Then, an administrator imports the SAML IdP's XML Metadata, which contains the IdP's certificates, into Secure Access.

After you integrate a SAML identity provider (IdP) in Secure Access, you can manage the identity provider's certificates. Secure Access displays notifications about certificates that are about to expire. When the IdP certificates expire, an administrator must import new IdP certificates (XML Metadata) into Secure Access to prevent connection disruptions.

Secure Access manages the expiration of IdP certificates for various connection methods and SAML IdP integrations. IdP certificates are used to establish the trust relationship between the service provider and the IdP. The IdP authenticates users that connect to Secure Access with:

  • Zero Trust (ZT)
  • Networks and network tunnels protected by Internet Security
  • Virtual Private Networks (VPNs) with a configured VPN profile

Table of Contents

Prerequisites

Procedure

  • Manage IdP certificates integrated with Secure Access.
  • View notifications about the expiration of Secure Access certificates that are deployed in SAML IdP integrations and VPN Profiles.

View Notifications About Expired Identity Provider Certificates

  1. Navigate to Secure > Certificates > SAML Authentication > Identity Provider Certificates.
  2. Secure Access displays any notifications about expiring certificates.

Manage Web Security and Zero Trust Identity Provider Certificates

  1. Navigate to Secure > Certificates > SAML Authentication > Identity Provider Certificates.
  2. For Web Security and Zero Trust SAML, view the SAML IdP certificates integrated in Secure Access.

    • Issuer—The Certificate Authority that issued the certificate. Includes the common name (CN), organizational unit (OU), and country (C).
    • Serial number—The serial number of the certificate.
    • Expiration date—The date when the certificate is no longer valid.

Manage Virtual Private Network Identity Provider Certificates

  1. Navigate to Secure > Certificates > SAML Authentication > Identity Provider Certificates.
  2. For VPN SAML, click a certificate in the list to open the certificate details.
    The certificate is found in the VPN Profile.

    • VPN Profile—The name of the VPN profile.
    • Issuer—The Certificate Authority that issued the certificate. Includes the common name (CN), organizational unit (OU), and country (C).
    • Serial number—The serial number of the certificate.
    • Expiration date—The date when the certificate is no longer valid.
  3. For Subject name, get the following certificate details:

    • Value
    • Serial number—The certificate's serial number.
    • Issued date—The date when the certificate was issued.
    • Expiration date—The date when the certificate is no longer valid.
  4. Issued to is the entity that uses the certificate to build a trust relationship with Secure Access.
    For Issued to, get the following certificate details:

    • Common Name—The fully qualified domain name that is secured by the certificate.
    • Organization—The organization to which the certificate was issued.
    • Country—The country where the certificate was issued, specified as a two-character country code.
  5. Issuer is the entity (trusted authority) that issued the certificate.
    For Issuer, get the following certificate details:

    • Common Name—The fully qualified domain name that is secured by the certificate.
    • Organization—The organization that issued the certificate.
    • Country—The country where the certificate was issued, specified as a two-character country code.
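The fields listed above (issuer, serial number, expiration date) are exactly what an administrator needs to check before an IdP certificate lapses, and they all come from the X.509 certificates embedded in the IdP's XML Metadata described at the top of this page. The following script is an added example, not Cisco code: it pulls every certificate out of a SAML 2.0 IdP metadata document, decodes it with the `cryptography` package (an assumption), and reports those same fields while flagging certificates that are expired or will expire within a chosen number of days. The metadata it runs against is constructed in the script around self-signed test certificates for the hypothetical host idp.example.com; feed it real metadata by calling `audit_metadata()` on the downloaded XML instead.

```python
"""Audit the X.509 certificates carried in SAML IdP metadata (added example, not Cisco code)."""
import base64
import datetime as dt
import xml.etree.ElementTree as ET

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Namespaces used by SAML 2.0 metadata and XML Signature KeyInfo.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def extract_idp_certs(metadata_xml: str):
    """Return (use, certificate) pairs from the IDPSSODescriptor's KeyDescriptor elements."""
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
        use = kd.get("use", "signing+encryption")
        for el in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(el.text.split()))  # tolerate line-wrapped base64
            found.append((use, x509.load_der_x509_certificate(der)))
    return found


def _not_after_utc(cert):
    # cryptography >= 42 exposes timezone-aware accessors; older builds return naive UTC.
    aware = getattr(cert, "not_valid_after_utc", None)
    return aware if aware is not None else cert.not_valid_after.replace(tzinfo=dt.timezone.utc)


def audit_metadata(metadata_xml: str, warn_days: int = 30, now=None):
    """Describe each IdP certificate and classify it as ok / expiring / expired."""
    now = now or dt.datetime.now(dt.timezone.utc)
    report = []
    for use, cert in extract_idp_certs(metadata_xml):
        not_after = _not_after_utc(cert)
        days_left = (not_after - now).days
        status = "expired" if days_left < 0 else "expiring" if days_left < warn_days else "ok"
        report.append({
            "use": use,
            "issuer": cert.issuer.rfc4514_string(),   # CN, O, C as shown on the certificate page
            "serial": format(cert.serial_number, "x"),
            "expiration": not_after.isoformat(),
            "days_left": days_left,
            "status": status,
        })
    return report


# --- Constructed test fixtures (hypothetical IdP, not real metadata) ---------

def make_test_cert_b64(days_valid: int) -> str:
    """Self-signed test certificate for idp.example.com, as base64 DER like metadata carries it."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example IdP"),
        x509.NameAttribute(NameOID.COMMON_NAME, "idp.example.com"),
    ])
    now = dt.datetime.now(dt.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - dt.timedelta(days=400))
        .not_valid_after(now + dt.timedelta(days=days_valid))  # negative = already expired
        .sign(key, hashes.SHA256())
    )
    return base64.b64encode(cert.public_bytes(serialization.Encoding.DER)).decode()


def build_test_metadata(cert_b64_list) -> str:
    """Minimal constructed IdP metadata wrapping the given certificates (hypothetical entityID)."""
    descriptors = "".join(
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        for b64 in cert_b64_list
    )
    return (
        f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
        'entityID="https://idp.example.com/saml">'
        '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        f"{descriptors}"
        '<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
        'Location="https://idp.example.com/sso"/>'
        "</md:IDPSSODescriptor></md:EntityDescriptor>"
    )


if __name__ == "__main__":
    xml_doc = build_test_metadata([make_test_cert_b64(d) for d in (-5, 10, 200)])
    for entry in audit_metadata(xml_doc, warn_days=30):
        print(f"[{entry['status']:8}] {entry['issuer']} serial={entry['serial']} "
              f"expires={entry['expiration']} ({entry['days_left']} days left)")
```

The script deliberately reads every KeyDescriptor rather than only the first: IdPs commonly publish an old and a new signing certificate side by side during rollover, and an "expiring" warning on the older one is the cue to re-import the IdP's XML Metadata into Secure Access before the connection breaks. Run it on a schedule against the metadata URL your IdP publishes and you have the same early warning Secure Access shows on the Identity Provider Certificates page, but available to whatever monitoring you already use.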

