browse
Updated Certificate now available, action required.
You must renew the SWG SAML certificate before it expires on 12th August 2023.
The Umbrella SAML certificate used for Umbrella user identification will expire on the 12th of August 2023 06:44:04 (UTC).
You must update your Identity provider (IdP) with the new Umbrella SAML certificate before 12th of August 2023 06:44:04 (UTC). Updating this certificate is essential to avoid SAML user authentication failures and loss of internet access for these users, unless your IDP has already been configured to monitor the Umbrella SAML metadata URL provided below.
Download the updated SAML Metadata:
https://api.umbrella.com/admin/v2/samlsp/certificates/Cisco_Umbrella_SP_Metadata.xml
Download the updated SAML Certificate:
https://api.umbrella.com/admin/v2/samlsp/certificates/Cisco_Umbrella_SP_Certificate_Jun2023.cer
The metadata has been updated and includes both the current and the new signing certificate. At expiry of the current certificate, the new certificate will be used for signing. DO NOT delete any current certificates. Umbrella continues signing with the old certificate until the time of expiry.
This is an annual task, and the Umbrella metadata URL remains constant from previous years. When the certificate is renewed, we will update the metadata without changing the URL. This approach will support those identity providers, like ADFS and Ping Identity, that can monitor the relying party metadata URL and automatically update when the relying party metadata is updated with a new certificate.
For more information on renewal options see, https://support.umbrella.com/hc/en-us/articles/7079352658964
Note -
- Some Identity Providers do not perform validation of SAML request signatures and therefore do not require our new certificate. If in doubt, please contact your Identity Provider vendor for confirmation.
- If using the Umbrella SAML feature, Org-Specific EntityID feature, then you must not use URL-based metadata updates. Org-Specific Entity ID only applies if you have multiple Umbrella orgs linked to the same identity provider. In this scenario you should manually add the new certificate to each IDP configuration.
For more information, contact support.
Regards,
Umbrella Technical Support team.