![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 49%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELG%3C/text%3E%3C/svg%3E)
1,306 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Hi @Lee G
Thank you for posting your query on Q&A.
I understand that you would like to know how you can get the private key generated by Azure.
The private key associated with the certificate used for signing is not generated by Azure and cannot be downloaded from Azure, because the Service Provider (SP) holds its own public-private key pair.
The private key is typically stored in your service provider (SP) application and is used to sign a SAML Request to the Identity Provider (IdP).
The Identity Provider only requires the Service Provider’s public key certificate. This public certificate is used by Azure AD to verify the signatures of the SAML requests it receives. You need to generate and manage the private key on your own and it should be securely stored on your infrastructure.
I hope this information helps! please Feel free to ask any questions you may have.
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/certificate-signing-options
https://stackoverflow.com/questions/56938997/saml-certificate-private-key
https://stackoverflow.com/questions/60424527/saml-private-and-public-key-sharing
Thanks,
Akhilesh.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.