Is a certificate required for Everbridge Enterprise App SAML SSO Authentication in Azure?

Corrie Tonge (CBRE INC) 30 Reputation points Microsoft Vendor
2024-06-25T14:58:10.33+00:00

We have Enterprise App Registration for the SaaS tool Everbridge. Currently we have SAML SSO Configured with an xml file from our enterprise app uploaded to Everbridge. We've also been downloading the certificate from Everbridge and uploading to the app registration. Our IT is asking us to eliminate the pinned certificate. In the Single Sign-on configuration it says Verification Certificates (optional) and Required = No. We have another SaaS app that doesn't require a certificate to be uploaded.

Because our IT has outlawed pinned certs, if we delete the current cert, we won't be able to upload another. Can anyone confirm for us whether a cert is needed? Is there a way to test without deleting the cert in Azure?

https://learn.microsoft.com/en-us/entra/identity/saas-apps/everbridge-tutorial

Microsoft Entra

Accepted answer
Sandeep G-MSFT 16,521 Reputation points Microsoft Employee
    2024-06-28T06:26:05.37+00:00

    @Corrie Tonge (CBRE INC)

    Thank you for posting this in Microsoft Q&A.

    As I understand, you have configured the Everbridge application in your tenant. You have also imported the certificate to the Azure enterprise app from your application.

    Now your IT team has asked you to remove the certificate that was uploaded.

    You can remove this certificate in the application and leave the Certificates (optional), Required = No.

    This is an optional certificate that can be configured in Azure AD side. This is used only when your application is sending the SAML request as signed.

    This should be configured if you are sending the SAML request signed from the application. If you do not want to use this certificate in the application, then you can set this option to NO on the Azure SSO side.

    There are two certificates that come into consideration when you configure SAML SSO with Azure for the application.

    • Token signing certificate
    • Certificate which is used to encrypt the SAML response token.

    Token signing certificate

    Microsoft Entra ID as an IdP signs the SAML response with the X.509 certificate of the application. This certificate is generated by Azure AD and is shared with the application. Once authentication is completed, the SAML response is sent to the application. This response token is signed using the token signing certificate. Since this certificate is already shared with the application in the initial configuration, the application will validate the token using this certificate and will accept the token after validation.

    SAML request signing certificate (This is optional in Azure AD SSO configuration)

    This certificate is used by the application to sign the SAML request sent to Azure AD for authentication.

    This is an optional certificate that can be configured in Azure AD side. This is used only when your application is sending the SAML request as signed.

    If your application sends the SAML request signed, you will have to set this option in Azure AD to Yes and upload the same certificate to the Azure portal.

    Let us know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

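For the "is there a way to test" part of the question: the optional verification certificate only matters if the service provider signs its AuthnRequests, which can be checked by capturing the SAMLRequest the SP redirects the browser with (for example in browser developer tools) and inspecting it. The following is an added example, not code from Microsoft, Everbridge or the answer above; the sample request, issuer and IdP URL it builds are constructed placeholders.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def inspect_authn_request(value: str, binding: str) -> dict:
    """Report whether an SP's AuthnRequest is signed.

    binding="redirect": value is the full redirect URL (SAMLRequest, and
    SigAlg/Signature if signed, as query parameters).
    binding="post": value is the SAMLRequest form field (base64 XML).
    """
    detached = False
    if binding == "redirect":
        qs = urllib.parse.parse_qs(urllib.parse.urlparse(value).query)
        # Redirect binding: the signature is detached, carried in SigAlg and
        # Signature over the query string, not inside the XML document.
        detached = "SigAlg" in qs and "Signature" in qs
        # SAMLRequest is base64 of raw DEFLATE data (no zlib header: wbits=-15)
        xml_bytes = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15)
    elif binding == "post":
        xml_bytes = base64.b64decode(value)
    else:
        raise ValueError("binding must be 'redirect' or 'post'")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"not a samlp:AuthnRequest: {root.tag}")
    # POST binding (and some SPs on redirect) embed an enveloped ds:Signature.
    embedded = root.find(f"{{{DS_NS}}}Signature") is not None
    return {"issuer": root.findtext(f"{{{SAML_NS}}}Issuer"),
            "detached_signature": detached, "embedded_signature": embedded,
            "signed": detached or embedded}


def build_sample_redirect_url(signed: bool) -> str:
    """Constructed AuthnRequest for testing; all values are placeholders."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}"'
           ' ID="_constructed" Version="2.0" IssueInstant="2024-06-25T00:00:00Z">'
           '<saml:Issuer>https://sp.example.test/saml</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    params = {"SAMLRequest": base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()}
    if signed:  # a real SP signs with its private key; the bytes here are dummy
        params["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        params["Signature"] = base64.b64encode(b"dummy").decode()
    return "https://idp.example.test/saml2?" + urllib.parse.urlencode(params)
```

If the captured request reports `signed: False`, the SP is not signing requests and the "Verification certificates (optional)" setting can stay at Required = No without a certificate; if it reports `signed: True`, removing the certificate would break sign-in once the IdP is told to require signed requests.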
