{"id":93273,"date":"2023-07-06T19:49:56","date_gmt":"2023-07-06T23:49:56","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=93273"},"modified":"2023-08-22T11:52:29","modified_gmt":"2023-08-22T15:52:29","slug":"rotate-sso-certs","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/rotate-sso-certs","title":{"rendered":"Rotate SSO Application Certificates, SCIM Token Keys, &amp; OIDC Tokens"},"content":{"rendered":"\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>The following are recommended actions for all JumpCloud organizations using SSO applications:<\/p>\n\n\n\n<ul>\n<li>If you are using SAML for SSO, perform the steps in the <a href=\"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#regenerate-saml-sso-application-certificates\">SAML SSO<\/a> section.<\/li>\n\n\n\n<li>If you are using OIDC for SSO, perform the steps in the <a href=\"#rotate-oidc-tokens\">OIDC<\/a> section. <\/li>\n\n\n\n<li>If you are using SCIM for Identity Management, perform the steps in the <a href=\"#rotate-scim-token-keys\">SCIM<\/a> section.<\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"saml\">Regenerate SAML SSO Application Certificates<\/h2>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#_to_regenerate_saml_sso_application_certificates\" data-action=\"collapse\"> To regenerate SAML SSO Application Certificates<\/a><div id=\"_to_regenerate_saml_sso_application_certificates\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>All SAML SSO integrations require a certificate and private key pair.&nbsp; This certificate and private key pair can be auto-generated by JumpCloud, or you can upload your own. In addition, some Service Providers require a Service Provider Certificate.&nbsp;&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>Admins should review your Service Provider requirements prior to taking these steps to limit downtime and prevent lockouts.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>To rotate the cert for M365, please refer to the specific steps in the <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/single-sign-on-sso-with-office-3651\" target=\"_blank\" rel=\"noreferrer noopener\">SSO with M365<\/a> article.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>To regenerate a JumpCloud-created certificate and private key pair<\/strong><\/h4>\n\n\n\n<p>Complete the following steps for each SAML SSO app integration you have configured for which you would like to use a JumpCloud-created certificate and private key pair.&nbsp;<\/p>\n\n\n\n<ol>\n<li>Log in to the\u00a0<a href=\"https:\/\/console.jumpcloud.com\/\">JumpCloud Administrator Portal<\/a>.\u00a0<\/li>\n\n\n\n<li>Go to <strong>USER AUTHENTICATION<\/strong> &gt; <strong>SSO<\/strong>.<\/li>\n\n\n\n<li>Select an SSO application from the list.<\/li>\n\n\n\n<li>Click the small triangle to the right of <strong>IDP Certificate Valid<\/strong> in the Single sign-on section of the left-hand panel.<\/li>\n\n\n\n<li>Select <strong>Regenerate certificate<\/strong>.<\/li>\n\n\n\n<li>Click <strong>continue<\/strong>.<\/li>\n\n\n\n<li>After you regenerate the certificate, the private key is also regenerated.<\/li>\n\n\n\n<li>Click <strong>save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>When you upload a new certificate, your private key is wiped. You need to upload a new private key after you upload a certificate.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>To update the IdP certificate in the Service Provider<\/strong><\/h4>\n\n\n\n<p>Depending on how the Service Provider accepts certificates, do one of the following to upload the new certificate in Service Provider\u2019s application.<\/p>\n\n\n\n<p><strong>To update the IdP certificate in the Service Provider using a metadata URL<\/strong><\/p>\n\n\n\n<p>If the Service Provider supports updating the configuration and certificate from a metadata file URL:&nbsp;<\/p>\n\n\n\n<ol>\n<li>Log in to the\u00a0<a href=\"https:\/\/console.jumpcloud.com\/\">JumpCloud Administrator Portal<\/a>.\u00a0\u00a0<\/li>\n\n\n\n<li>Go to <strong>USER AUTHENTICATION<\/strong> &gt; <strong>SSO<\/strong>.<\/li>\n\n\n\n<li>Select an SSO application from the list.&nbsp;<\/li>\n\n\n\n<li>Click the <strong>SSO<\/strong> tab.<\/li>\n\n\n\n<li>Click <strong>Copy Metadata URL<\/strong>.<\/li>\n\n\n\n<li>From the <strong>Service Provider\u2019s<\/strong> application admin console, paste the metadata URL in the designated place in their SAML SSO configuration page or section.<\/li>\n\n\n\n<li>Save the changes.<\/li>\n<\/ol>\n\n\n\n<p><strong>To update the IdP certificate in the <strong>Service Provider<\/strong> using a metadata file<\/strong><\/p>\n\n\n\n<p>If the Service Provider supports extracting the certificate from the metadata file:&nbsp;<\/p>\n\n\n\n<ol>\n<li>Export the metadata file from SSO configured applications page\n<ol class=\"is-lower-alpha\">\n<li>Log in to the\u00a0<a href=\"https:\/\/console.jumpcloud.com\/\">JumpCloud Administrator Portal<\/a>.\u00a0\u00a0<\/li>\n\n\n\n<li>Go to <strong>USER AUTHENTICATION<\/strong> &gt; <strong>SSO<\/strong>.<\/li>\n\n\n\n<li>Click the checkbox next to the SSO application in the list.<\/li>\n\n\n\n<li>Click <strong>Export Metadata<\/strong>.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>Alternatively, you can export the metadata file from the application\u2019s configuration details page.\n<ol class=\"is-lower-alpha\">\n<li>Log in to the\u00a0<a href=\"https:\/\/console.jumpcloud.com\/\">JumpCloud Administrator Portal<\/a>.\u00a0<\/li>\n\n\n\n<li>Go to <strong>USER AUTHENTICATION<\/strong> &gt; <strong>SSO<\/strong>.<\/li>\n\n\n\n<li>Select an SSO application from the list.<\/li>\n\n\n\n<li>Click the <strong>SSO<\/strong> tab.<\/li>\n\n\n\n<li>Click <strong>Export Metadata<\/strong>.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>From the <strong>Service Provider\u2019s<\/strong> application admin console, upload the metadata file in the designated place in their SAML SSO configuration page or section.<\/li>\n\n\n\n<li>Save the changes.<\/li>\n<\/ol>\n\n\n\n<p><strong>To update the IdP certificate in the <strong>Service Provider<\/strong> by uploading the certificate<\/strong><\/p>\n\n\n\n<p>If the Service Provider supports uploading the IdP certificate file (.pem):<\/p>\n\n\n\n<ol>\n<li>If you just saved the application, from the notification in the upper-right corner of the screen click <strong>Download Certificate<\/strong>.<\/li>\n\n\n\n<li>Otherwise, download the certificate from the application\u2019s configuration details page.\n<ol class=\"is-lower-alpha\">\n<li>Reopen the application,&nbsp;<\/li>\n\n\n\n<li>Click the small triangle to the right of <strong>IDP Certificate Valid<\/strong> in the <strong>Single sign-on<\/strong> section of the left-hand panel<\/li>\n\n\n\n<li>Select <strong>Download Certificate<\/strong>.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>From the <strong>Service Provider\u2019s<\/strong> application admin console, upload the certificate file in the designated place in their SAML SSO configuration page or section.<\/li>\n\n\n\n<li>Save the changes.<\/li>\n<\/ol>\n\n\n\n<p><strong>To update the IdP certificate in the <strong>Service Provider<\/strong> by copying and pasting the contents of the certificate file<\/strong><\/p>\n\n\n\n<p>If the Service Provider supports copying and pasting the contents of the certificate file (.pem):<\/p>\n\n\n\n<ol>\n<li>If you just saved the application, from the notification in the upper-right corner of the screen click <strong>Download Certificate<\/strong>.<\/li>\n\n\n\n<li>Otherwise, download the certificate from the application\u2019s configuration details page.\n<ol class=\"is-lower-alpha\">\n<li>Reopen the application,&nbsp;<\/li>\n\n\n\n<li>Click the small triangle to the right of IDP Certificate Valid in the Single sign-on section of the left-hand panel<\/li>\n\n\n\n<li>Select <strong>Download Certificate<\/strong>,<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>From the <strong>Service Provider&#8217;s<\/strong> application admin console, navigate to the SAML SSO configuration page or section.<\/li>\n\n\n\n<li>Open the certificate file (.pem) you downloaded from JumpCloud.<\/li>\n\n\n\n<li>Copy the contents of the certificate file<\/li>\n\n\n\n<li>Paste the contents of the certificate file in the designated place in the SAML SSO configuration page or section.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>Refer to the <strong>Service Provider<\/strong> documentation to determine if \u201c&#8212;&#8211;BEGIN CERTIFICATE&#8212;&#8211;\u201d and &#8212;&#8211;END CERTIFICATE&#8212;&#8211; should or should not be included when pasting the certificate contents.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"7\">\n<li>Save the changes.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>To update the <strong>Service Provider<\/strong> certificate in JumpCloud<\/strong><\/h4>\n\n\n\n<p>Some Service Providers require a Service Provider certificate. After you have updated the new JumpCloud IdP certificate, complete the following steps for each SAML SSO app integration you have configured that requires a Service Provider certificate.&nbsp;<\/p>\n\n\n\n<p><strong>To update the <strong>Service Provider<\/strong> certificate in JumpCloud by uploading the <strong>Service Provider<\/strong> metadata file<\/strong><\/p>\n\n\n\n<ol>\n<li>From the Service Provider&#8217;s application admin console, navigate to the SAML SSO configuration page or section.<\/li>\n\n\n\n<li>Select the option to download the Service Provider metadata file.<\/li>\n\n\n\n<li>Log in to the\u00a0<a href=\"https:\/\/console.jumpcloud.com\/\">JumpCloud Administrator Portal<\/a>.\u00a0\u00a0<\/li>\n\n\n\n<li>Go to <strong>USER AUTHENTICATION<\/strong> &gt; <strong>SSO<\/strong>.<\/li>\n\n\n\n<li>Select an SSO application from the list.<\/li>\n\n\n\n<li>Click the <strong>SSO<\/strong> tab.<\/li>\n\n\n\n<li>Click <strong>Upload Metadata<\/strong> in the <strong>Service Provider Metadata<\/strong> section.<\/li>\n\n\n\n<li>Browse to the metadata file.<\/li>\n\n\n\n<li>Click <strong>Open<\/strong>.<\/li>\n\n\n\n<li>Click <strong>save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p><strong>To update the <strong>Service Provider<\/strong> certificate in JumpCloud by uploading the certificate file<\/strong><\/p>\n\n\n\n<ol>\n<li>From the Service Provider&#8217;s application admin console, navigate to the SAML SSO configuration page or section.<\/li>\n\n\n\n<li>Select the option to download the Service Provider certificate.<\/li>\n\n\n\n<li>Log in to the\u00a0<a href=\"https:\/\/console.jumpcloud.com\/\">JumpCloud Administrator Portal<\/a>.\u00a0\u00a0<\/li>\n\n\n\n<li>Go to <strong>USER AUTHENTICATION<\/strong> &gt; <strong>SSO<\/strong>.<\/li>\n\n\n\n<li>Select an SSO application from the list.<\/li>\n\n\n\n<li>Click the <strong>SSO<\/strong> tab.<\/li>\n\n\n\n<li>Scroll to the <strong>Service Provider<\/strong> certificate section.<\/li>\n\n\n\n<li>Click <strong>Replace <strong>Service Provider<\/strong> Certificate<\/strong>.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>For a pre-built SSO integration, if there is no section or button, a Service Provider certificate is not required.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"9\">\n<li>Browse to the certificate file.<\/li>\n\n\n\n<li>Click <strong>Open<\/strong>.<\/li>\n\n\n\n<li>Click <strong>save<\/strong>.<\/li>\n<\/ol>\n<\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"scim\">Rotate SCIM Token Keys<\/h2>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#to_rotate_scim_token_keys\" data-action=\"collapse\">To rotate SCIM Token Keys<\/a><div id=\"to_rotate_scim_token_keys\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p><strong>Prerequisites<\/strong><\/p>\n\n\n\n<ul>\n<li>Admin login credentials are required for each Service Provider\u2019s application for which a SCIM integration is configured.<\/li>\n<\/ul>\n\n\n\n<p>Steps to take in JumpCloud:<\/p>\n\n\n\n<ol>\n<li>Log in to the\u00a0<a href=\"https:\/\/console.jumpcloud.com\/\">JumpCloud Administrator Portal<\/a>.\u00a0<\/li>\n\n\n\n<li>Go to <strong>USER AUTHENTICATION<\/strong> &gt; <strong>SSO<\/strong>.<\/li>\n\n\n\n<li>Search for the application that you\u2019d like to deactivate and click to open its details panel.&nbsp;<\/li>\n\n\n\n<li>Under the company name and logo on the left hand side, click <strong>Deactivate IdM connection<\/strong> under the <strong>Identity<\/strong> <strong>Management<\/strong> section.<br><img decoding=\"async\" width=\"1804\" height=\"1328\" class=\"wp-image-92960\" style=\"width: 600px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1.png 1804w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1-300x221.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1-1024x754.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1-768x565.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1-1536x1131.png 1536w\" sizes=\"(max-width: 1804px) 100vw, 1804px\" \/><\/li>\n\n\n\n<li>Click <strong>confirm<\/strong> to deactivate Identity Management for the application.<\/li>\n<\/ol>\n\n\n\n<p>Steps to take in Service Provider:<\/p>\n\n\n\n<ol>\n<li>Disable existing token, if possible.<\/li>\n\n\n\n<li>Generate a new token.<\/li>\n<\/ol>\n\n\n\n<p>Steps to take in JumpCloud:<\/p>\n\n\n\n<ol>\n<li>Reconfigure Identity Management connection using the new token following the steps from the Help Center article specific to the app in question or the Custom SCIM integration.<\/li>\n<\/ol>\n\n\n\n<p>Learn More:<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/provision-and-manage-users-and-groups-in-apps-using-custom-scim-identity-management-integration#deactivating-an-identity-management-integration-\">Custom SCIM integration<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/integrate-with-slack#deactivating-an-identity-management-integration-\">Slack SCIM integration<\/a><\/li>\n\n\n\n<li>From <a href=\"https:\/\/jumpcloud.com\/support\">https:\/\/jumpcloud.com\/support<\/a>, search for the application name of the application for which you configured a SCIM integration in JumpCloud.&nbsp; The article name will be either \u201cIntegrating with {application name}\u201d or \u201cIdentity Management with {application name}\u201d<\/li>\n<\/ul>\n<\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"oidc\">Regenerate OIDC Secrets<\/h2>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#to_update_oidc_secrets\" data-action=\"collapse\">To update OIDC Secrets<\/a><div id=\"to_update_oidc_secrets\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p><strong>Prerequisites<\/strong><\/p>\n\n\n\n<ul>\n<li>Admin login credentials for each service provider\u2019s application for which an SSO OIDC integration is configured.<\/li>\n<\/ul>\n\n\n\n<p>Steps to take in JumpCloud:<\/p>\n\n\n\n<ol>\n<li>Log in to the\u00a0<a href=\"https:\/\/console.jumpcloud.com\/\">JumpCloud Administrator Portal<\/a>.\u00a0<\/li>\n\n\n\n<li>Go to <strong>USER AUTHENTICATION<\/strong> &gt; <strong>SSO<\/strong> and open the OIDC application.<\/li>\n\n\n\n<li>In the left aside, click <strong>Client Secret Valid &gt; Regenerate Secret.<\/strong> <\/li>\n\n\n\n<li>Click <strong>Regenerate <\/strong>when the <strong>Regenerate Client Secret<\/strong> window appears<\/li>\n\n\n\n<li>Copy and store the new <strong>Client Secret<\/strong> in a safe location, like a password manager. <br><img decoding=\"async\" width=\"438\" height=\"567\" class=\"wp-image-96138\" style=\"width: 300px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/07\/OIDC-regenerate-secret.jpg\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/OIDC-regenerate-secret.jpg 438w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/OIDC-regenerate-secret-232x300.jpg 232w\" sizes=\"(max-width: 438px) 100vw, 438px\" \/><\/li>\n\n\n\n<li>Click <strong>Got It.<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Steps to take in Service Provider:<\/p>\n\n\n\n<ol>\n<li>Update the Service Provider configuration with the regenerated <strong>Client Secret<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p>Learn More:<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/sso-with-oidc\">SSO with OIDC<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims\">OIDC Attributes (Claims)<\/a><\/li>\n<\/ul>\n<\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Additional Resources <\/h2>\n\n\n\n<ul>\n<li>Enable MFA for all JumpCloud administrators and end users. To ensure MFA is set up for all accounts, see:\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/enable-mfa-for-the-admin-portal\">MFA for Admins<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/require-mfa-for-users\">MFA for Users<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Ensure you are enforcing rigorous <a href=\"https:\/\/jumpcloud.com\/support\/manage-password-and-security-settings#setting-length,-complexity,-and-originality-requirements\">password complexity<\/a> requirements.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Regenerate SAML SSO Application Certificates Rotate SCIM Token Keys Regenerate OIDC Secrets Additional Resources<\/p>\n","protected":false},"author":200,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2855],"support_tag":[],"coauthors":[2841],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Rotate SSO Application Certificates, SCIM Token Keys, &amp; OIDC Tokens - JumpCloud<\/title>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rotate SSO Application Certificates, SCIM Token Keys, &amp; OIDC Tokens\" \/>\n<meta property=\"og:description\" content=\"Regenerate SAML SSO Application Certificates Rotate SCIM Token Keys Regenerate OIDC Secrets Additional Resources\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/rotate-sso-certs\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-22T15:52:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"natecopt\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/rotate-sso-certs\",\"url\":\"https:\/\/jumpcloud.com\/support\/rotate-sso-certs\",\"name\":\"Rotate SSO Application Certificates, SCIM Token Keys, &amp; OIDC Tokens - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1.png\",\"datePublished\":\"2023-07-06T23:49:56+00:00\",\"dateModified\":\"2023-08-22T15:52:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/rotate-sso-certs\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1.png\",\"width\":1804,\"height\":1328},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Rotate SSO Application Certificates, SCIM Token Keys, &amp; OIDC Tokens\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Rotate SSO Application Certificates, SCIM Token Keys, &amp; OIDC Tokens - JumpCloud","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Rotate SSO Application Certificates, SCIM Token Keys, &amp; OIDC Tokens","og_description":"Regenerate SAML SSO Application Certificates Rotate SCIM Token Keys Regenerate OIDC Secrets Additional Resources","og_url":"https:\/\/jumpcloud.com\/support\/rotate-sso-certs","og_site_name":"JumpCloud","article_modified_time":"2023-08-22T15:52:29+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"7 minutes","Written by":"natecopt"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/rotate-sso-certs","url":"https:\/\/jumpcloud.com\/support\/rotate-sso-certs","name":"Rotate SSO Application Certificates, SCIM Token Keys, &amp; OIDC Tokens - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1.png","datePublished":"2023-07-06T23:49:56+00:00","dateModified":"2023-08-22T15:52:29+00:00","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/rotate-sso-certs"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/deactivete-idm-connection-1.png","width":1804,"height":1328},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/rotate-sso-certs#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Rotate SSO Application Certificates, SCIM Token Keys, &amp; OIDC Tokens"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/93273"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/200"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/93273\/revisions"}],"predecessor-version":[{"id":96209,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/93273\/revisions\/96209"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=93273"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=93273"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=93273"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=93273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}