Why is a publicly recognized certificate recommended for SAML authentication in Azure AD B2C?

Masayoshi Sawada 1 Reputation point
2022-11-01T08:38:58.41+00:00

SAML authentication is implemented in Azure AD B2C; a certificate must be set up in Azure AD B2C, and the documentation recommends using a certificate issued by a public certificate authority. What is the reason for this?

In a production environment, we recommend using certificates that a public certificate authority has issued. But you can also complete this procedure with self-signed certificates.

There should be no need to externally verify the validity of the certificate in SAML authentication. Also, considering the case where certificates are periodically renewed for security reasons, it seems redundant to use certificates issued by an external public certification authority.

Google Workspace, for example, states in its documentation to use self-signed certificates.

Why does Azure AD B2C recommend using certificates issued by public certificate authorities?
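The trust model the question describes, as an added example that is not from the question, the answer or Microsoft's documentation: it uses the openssl CLI and a constructed self-signed certificate to show that a relying party checks the assertion signature against the key it pinned from the IdP metadata, and that a public-CA chain check is a separate step which the SAML exchange itself does not perform.

```shell
#!/bin/sh
# Added example (not from the question or from Microsoft docs). The SP pins
# the signing certificate it received in the IdP metadata and verifies the
# assertion signature with that key; it does not build a chain to a public
# CA. A self-signed certificate therefore verifies fine as a pinned key,
# while a classic "openssl verify" chain check of it fails.
# Requires the openssl CLI.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed self-signed signing certificate, standing in for the
# certificate uploaded as a B2C policy key and published in metadata.
make_signing_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=example-b2c-saml-signing" \
        -keyout "$WORK/idp.key" -out "$WORK/idp.crt" >/dev/null 2>&1
    # What the SP keeps from the metadata exchange: the public key.
    openssl x509 -in "$WORK/idp.crt" -pubkey -noout > "$WORK/pinned.pub"
}

# Constructed stand-in for a SAML assertion; real SAML uses XML-DSig, but
# the trust decision (which key is acceptable) is the same.
sign_assertion() {
    printf '<saml:Assertion ID="_1">constructed</saml:Assertion>' \
        > "$WORK/assertion.xml"
    openssl dgst -sha256 -sign "$WORK/idp.key" \
        -out "$WORK/assertion.sig" "$WORK/assertion.xml"
}

# Returns 0 when the signature matches the pinned metadata key.
verify_with_pinned_key() {
    openssl dgst -sha256 -verify "$WORK/pinned.pub" \
        -signature "$WORK/assertion.sig" "$WORK/assertion.xml" >/dev/null 2>&1
}

# Returns 0 only if the certificate chains to a trusted public CA, which a
# self-signed certificate cannot do. SAML signature validation skips this.
verify_chain_to_public_ca() {
    openssl verify "$WORK/idp.crt" >/dev/null 2>&1
}

# Any change to the assertion must break the pinned-key check.
tamper_assertion() {
    printf 'tampered' >> "$WORK/assertion.xml"
}

make_signing_cert
sign_assertion
verify_with_pinned_key && echo "pinned metadata key: signature OK"
verify_chain_to_public_ca || echo "public CA chain check: fails (self-signed)"
```

Whoever issued the certificate, rotation still means publishing the new certificate in metadata before the old one expires, because the pinned key is the only thing the SP trusts.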


1 answer

  1. JimmySalian-2011 41,921 Reputation points
    2022-11-01T09:20:40.5+00:00

    Hi,

    I am assuming it is a Microsoft way of giving you an option and preferences, as each customer's requirements are different and some prefer to use custom/public certificates instead of self-signed certificates. I will not go deep into the nitty-gritty of security aspects, as with on-field experience I have noticed many prefer custom public certificates instead of self-signed ones. However, if you feel it is not correct and should be addressed, I would suggest you raise feedback over here.

    Hope this helps.
    JS

    ==
    Please Accept the answer if the information helped you. This will help us and others in the community as well.
