This guide illustrates utilizing the Okta Postman API collection to generate a 2-year SAML Signing Certificate, an alternative to the standard 10-year SAML Signing Certificate. 

• Security Assertion Markup Language (SAML)
• Signing Certificate

Prerequisites

• Postman is configured for the Okta Environment. Please follow the steps to integrate POSTMAN with Okta.
• Import Apps Okta Postman Collection from Import a Postman Collection.

Steps

1. Run the List Apps request from the Okta Postman Apps collection.
   1. Navigate to Apps > Feature Operations > Get List Apps.
   2. Use the below call:

      GET {{url}}/api/v1/apps  > Send

NOTE: Find the AppId in the response body and record it, or collect the AppId from accessing the app in the Okta Admin UI and copying it out of the browser URL.

2. Run the Generate Certificate request from the Okta Postman Apps collection.
   1. Navigate to Apps > Certificate Operations > Post Generate Certificate.
   2. Use the below API call, making sure to insert the AppId from the record above in {{appId}}, and enter years in {{validityYears}}.

      POST {{url}}/api/v1/apps/{{appId}}/credentials/keys/generate?validityYears={{validityYears}} 

1. 3. Click Send.

3. Go to Okta Admin UI > Specific App > Sign On > Activate the new SAML Signing Certificate.
4. Upload new SAML Signing Certificate to App \ Service Provider, which can be done in multiple ways:
   • By viewing the SAML Setup Instructions under the Sign On tab and then downloading the certificate.
   • By providing the IdP metadata to the SP provider, saved as an XML file.
   • Download the new certificate from Okta Admin App UI > SAML Signing Certificates > Actions > Download Certificate or View IdP metadata and save it as an XML file.

NOTE: If the "errorSummary": "Validity years out of range. It should be 2 - 10 years" error is encountered, keep in mind this is hardcoded.

Related References

• How to Integrate Postman with Okta
• Import a Postman Collection