Single Sign-On Overview
Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials. This means the login credentials you use every day on other systems within your company can be connected to ProviderTrust, so you do not have to manage a separate login. If your company uses SSO to access the Passport system, there is an important renewal date to keep in mind once your system is up and running.
Certificate Expiration Overview
Your company's security team established a certificate expiration date that is likely shared across every SSO implementation. That date might be a few years away or just a few months from when SSO was implemented with ProviderTrust. The team on your end that implemented SSO will be the best source of information on what the expiration date is and whether any intervention is needed to ensure a smooth renewal.
If the certificate is not replaced before the expiration date, your users will be unable to access ProviderTrust applications. A valid, up-to-date certificate is needed in order to ensure that all login requests are legitimate.
What do we do if our certificate is about to expire?
There are two methods of SSO implementation, and each has its own method of updating the expiring SSO certificate:
1. Your team sent metadata through a URL link (usually ADFS)
During implementation, customers using this method shared their metadata with ProviderTrust through a URL link. Your team will need to generate a new certificate within your Identity Provider (IdP) system. Your SSO connection with ProviderTrust is configured to retrieve your IdP’s metadata from the originally provided URL. Once the new certificate is made available through that URL, ProviderTrust will automatically configure your SSO connection to use it (this may take up to one day to take effect).
2. Your team sent metadata through a metadata file (usually SAML)
During implementation, customers using this method shared their metadata with ProviderTrust through a metadata file. You will need to generate a new certificate within your Identity Provider (IdP) system and send that new certificate to ProviderTrust. Our technical team will then update your SSO connection to use the new certificate.
Please return your new certificate to ProviderTrust no later than five business days before the current certificate expires to help ensure a smooth transition.
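To find the expiration date for either method above, you can read it directly from your IdP metadata. The following is an added example, not ProviderTrust code: it pulls each signing certificate out of a SAML metadata document and reports its notAfter date using only the Python standard library. It assumes a single EntityDescriptor root and reads the date without verifying the certificate; the entity ID idp.example.test and the certificate skeleton are constructed sample data.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _tlv(buf, pos):
    """Read one DER element at pos: (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def not_after(der):
    """notAfter (UTC) of a DER X.509 certificate; the certificate is not verified."""
    tbs, pos, fields = _tlv(_tlv(der, 0)[1], 0)[1], 0, []
    while len(fields) < 4:                 # serial, sigAlg, issuer, validity
        tag, body, pos = _tlv(tbs, pos)
        if tag != 0xA0:                    # skip the optional [0] version
            fields.append(body)
    tag, raw, _ = _tlv(fields[3], _tlv(fields[3], 0)[2])  # second time = notAfter
    text = raw.decode("ascii")
    if tag == 0x17:                        # UTCTime carries a two-digit year
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def signing_cert_expiry(metadata_xml, now):
    """[(entityID, notAfter, whole days left)] per IdP signing certificate."""
    root, out = ET.fromstring(metadata_xml), []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":   # no 'use' covers signing too
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                end = not_after(base64.b64decode("".join(c.text.split())))
                out.append((root.get("entityID"), end, (end - now).days))
    return out

def _der(tag, body=b""):                   # encoder for the constructed sample only
    return bytes([tag, len(body)]) + body  # short-form lengths (< 128 bytes)
def constructed_metadata(expiry):
    """Constructed sample: IdP metadata around an unsigned certificate skeleton."""
    validity = _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, expiry))
    tbs = _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30) * 2
    b64 = base64.b64encode(_der(0x30, _der(0x30, tbs + validity))).decode()
    return ('<EntityDescriptor xmlns="%s" xmlns:ds="%s" entityID="https://idp.example.test">'
            '<IDPSSODescriptor><KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            '<ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            '</KeyDescriptor></IDPSSODescriptor></EntityDescriptor>') % (NS["md"], NS["ds"], b64)

if __name__ == "__main__":
    print(signing_cert_expiry(constructed_metadata(b"250115000000Z"), datetime.now(timezone.utc)))
```

Run it against the metadata your IdP actually publishes (the URL or the file you originally shared) and compare the days remaining with the five-business-day lead time above. If two signing certificates are listed during a rollover, each one is reported separately.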