Skip to main content

[Now Available, Action Required] Umbrella SWG SAML Certificate Expiring 26th September 2022

mmaciw
  • Updated
  • min read

Updated Certificate now available, action required.  

You must renew the SWG SAML certificate before it expires on 26th September 2022. 

 

The Umbrella SAML certificate that is used for Umbrella SWG user identification will expire on the 26th of September 2022 00:00 (UTC).  

You must update your Identity provider (IdP) with the new Umbrella SAML certificate before 26th of September 2022 00:00 (UTC). Updating this certificate is essential to avoid SAML user authentication failures and loss of internet access for these users.  

Download the updated SAML Metadata: 

https://api.umbrella.com/admin/v2/samlsp/certificates/Cisco_Umbrella_SP_Metadata.xml

Download the updated SAML Certificate:

https://api.umbrella.com/admin/v2/samlsp/certificates/Cisco_Umbrella_SP_Certificate_Aug2022.cer

The metadata includes both the current and the new signing certificate. At expiry of the current certificate the new certificate will be used for signing. DO NOT delete any current certificates.  Umbrella continues signing with the old certificate until the time of expiry.

From this year onwards, the Umbrella metadata URL will remain constant. When the certificate is renewed in future years, the metadata will be updated without changing the URL. This approach will support IDPs such as, ADFS and Ping, that can monitor the relying party metadata URL and automatically update when the relying party metadata is updated with a new certificate. For more information see, Utilizing Umbrella's fixed Metadata URL.

Note -

  • Some Identity Providers do not perform validation of SAML request signatures and therefore do not require our new certificate.  If in doubt, please contact your Identity Provider vendor for confirmation.
  • If using the recently added Umbrella SAML feature, Org-Specific EntityID feature, then you must not use URL-based metadata updates. Org-Specific Entity ID only applies if you have multiple Umbrella orgs linked to the same identity provider. In this scenario you should manually add the new certificate to each IDP configuration.

For more information, contact support. 

 

Regards, 

Umbrella Technical Support team. 

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Related articles