Replacing a Service Provider (SP) signing certificate for a custom Security Assertion Markup Language (SAML) application requires uploading the new certificate within the application settings. Administrators can accomplish this by navigating to the SAML settings in the Okta Admin Console and uploading the new certificate file.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• Custom Security Assertion Markup Language (SAML) applications with a Service Provider (SP) Signing Certificate
• Single Sign-On (SSO)

How is a Service Provider signing certificate replaced in Okta?

Review the video or navigate to the application settings in the Okta Admin Console, access the advanced SAML settings, and upload the new certificate file.

1. In the Okta Admin Console, select Applications.
2. Select the application intended for certificate replacement.
3. Select the General tab.
4. Scroll to SAML Settings and select Edit.
5. Select Next, and then select Show Advanced Settings.
6. Locate the Signature Certificate file name.

7. Select Browse files....
8. Select the .crt file to upload, and select Upload Certificate.
9. Select Next.
10. Select Finish.