AAD Enterprise application SAML signing certificate

cthivierge 4,026 Reputation points


When we configure an enterprise application in AAD with a non-gallery app, in the SAML signing certificate there are 2 options: "Create New" or "Import".
"Create New" will create a self-signed certificate (issued by "Microsoft Azure Federated SSO Certificate"), or you can import a public certificate from a third-party Certificate Authority.

My question is: are there any best practices around that?

If I use the "self-signed" certificate, does it cause any issues?
What happens when it expires after the 3 years? Does it renew automatically?


Azure Active Directory

Accepted answer
  1. soumi-MSFT 11,696 Reputation points Microsoft Employee

    Hello @cthivierge, thank you for reaching out. There won't be any problem if you use the already provided self-signed certificate. Regarding the renewal of the certificates, you would have to renew that manually, but before the cert expires, there would be a notification email that you would receive updating you about the date for the cert expiration.

    You can check the following article for configuring the notification email and also steps for renewing the certificate here: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-certificates-for-federated-single-sign-on#add-email-notification-addresses-for-certificate-expiration

    The following article is worth checking out as it speaks about managing the certs SSO in Azure AD: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-certificates-for-federated-single-sign-on

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer if the above response helped in answering your query.
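Because renewal is manual and the only built-in warning is the notification email, an independent expiry check is a useful backstop. The following is an added example, not part of the original thread or Microsoft's code: it reads a service principal record and reports how long each SAML signing certificate has left. The field names follow Microsoft Graph's `keyCredential` resource; the sample record, the 60-day window and the function names are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like a Microsoft Graph servicePrincipal record.
# App name, key ids and dates are made up for illustration.
SAMPLE = json.loads("""
{
  "displayName": "Example non-gallery app",
  "keyCredentials": [
    {"keyId": "00000000-0000-0000-0000-000000000001", "usage": "Sign",
     "type": "X509CertAndPassword", "endDateTime": "2024-03-01T00:00:00Z"},
    {"keyId": "00000000-0000-0000-0000-000000000002", "usage": "Verify",
     "type": "AsymmetricX509Cert", "endDateTime": "2024-03-01T00:00:00Z"},
    {"keyId": "00000000-0000-0000-0000-000000000003", "usage": "Sign",
     "type": "X509CertAndPassword", "endDateTime": "2027-02-10T00:00:00Z"}
  ]
}
""")


def parse_utc(ts):
    """Parse an ISO 8601 timestamp with a trailing 'Z' into an aware UTC datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def signing_cert_status(sp, now, warn_days=60):
    """Return one row per signing credential, soonest expiry first."""
    rows = []
    for cred in sp.get("keyCredentials", []):
        if cred.get("usage") != "Sign":  # skip the paired "Verify" entries
            continue
        days = (parse_utc(cred["endDateTime"]) - now).days
        if days < 0:
            state = "EXPIRED"
        elif days <= warn_days:
            state = "RENEW_SOON"
        else:
            state = "OK"
        rows.append({"keyId": cred["keyId"], "days_left": days, "state": state})
    return sorted(rows, key=lambda r: r["days_left"])


def expiring(sp, now, warn_days=60):
    """Signing credentials that are expired or inside the warning window."""
    return [r for r in signing_cert_status(sp, now, warn_days) if r["state"] != "OK"]


if __name__ == "__main__":
    for row in signing_cert_status(SAMPLE, datetime.now(timezone.utc)):
        print(SAMPLE["displayName"], row)
```

Run on a schedule against every enterprise application, this flags an expiring certificate even if the notification email goes to an unattended mailbox.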


1 additional answer

  1. cthivierge 4,026 Reputation points

    Thanks for the answer. We will test this solution within the next few weeks.
    I was just in the prerequisites and I just wanted to know if we will have to buy a public certificate.

