
GregH.00578 (Customer) asked a question.
Our Salesforce admin just asked me this question:
Currently, we have 2 certificates in Salesforce for SAML:
- One is the identity provider certificate through which Salesforce recognizes whether the assertion is coming from the identity provider or not.
- The other is for Salesforce to sign the SAML requests when the requests are initiated from the service provider (Salesforce in this case). The identity provider can identify whether the requests are coming from Salesforce or not.
Will it be okay if we use the same certificate for both?
Any insight on this?

Hello Greg,
During the Salesforce SAML setup, as far as Okta is concerned, only the Identity Provider Certificate is used, as per our documentation: https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-in-Salesforce.html. I am not sure what other certificate is used in this setup.
However, if you have additional questions, please open up a support ticket with us and we will be more than happy to assist.
Have a great day.