--- title: "Maintain and Rotate SAML Certificates" slug: "maintain-and-rotate-saml-certificates" description: "SAML certificates are used to verify the authenticity and security of data shared with your Identify Provider. Learn more in Gladly Help Docs." updated: 2024-12-19T21:15:06Z published: 2025-01-30T20:02:22Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.gladly.com/llms.txt > Use this file to discover all available pages before exploring further. # Maintain and Rotate SAML Certificates | **REQUIRED USER ROLE** Administrator | **PERMISSION OVERVIEW** [View permissions by role](https://help.gladly.com/docs/managing-users-and-roles#roles-and-responsibilities) | | --- | --- | SAML certificates are used to verify the authenticity and security of data shared with your Identity Provider. With certificates having a five-year lifespan, you must rotate a certificate if: - It's about to expire. - If access has been compromised Remember that SSO can't be used if the certificate lapses or expires, which will prevent your users from accessing applications that use SSO until the certificate is replaced. ## Before you start Review the following before you rotate certificates. - **DO NOT** rotate certificates without logging into Gladly first. Rotating certificates without being logged into Gladly will prevent you from logging into Gladly if you rotate the certificate first. ## Fetch updated metadata 1. Log into Gladly first **before** you rotate the certificate. 2. Rotate the certificate from your SSO provider. Below are some popular Identity Providers with information on how to rotate certificates. - [Google SSO](https://support.google.com/a/answer/7394709?hl=en) - [Okta](https://support.okta.com/help/s/article/Replace-SP-Signing-Certificate-In-OKTA?language=en_US) - [Azure](https://docs.microsoft.com/en-us/azure/aks/certificate-rotation) 3. Once rotated, go back to Gladly and click on the **menu** icon on the top left corner of the screen. 4. Click **Settings**. 5. Under the **Security and Compliance**category, click **Single Sign-On**. 6. The **Fetch metadata data from URL** field should already be populated. 7. Click **Save**. This triggers Gladly to fetch updated metadata. 8. Without closing Gladly, open a new browser tab in incognito mode, and try to log into Gladly via SSO. - If you can log in, that means the update is successful, and you can exit Gladly. - If you are **not** able to log in, double-check that you have correctly replaced the certificate. Do not close the Gladly window that you are logged into until you can log in into Gladly through the incognito window.