Delete an Active Enterprise Application Single Sign-On Certificate

ZeeArc 0 Reputation points
2024-07-29T06:03:15.4766667+00:00

How can I delete or deactivate an Active Single Sign-On SAML certificate for an enterprise application?

Microsoft Entra ID

3 answers

  1. AzureAce 107 Reputation points
    2024-07-29T10:30:45.5166667+00:00

    Hello,

    • Removing an active certificate will immediately interrupt SSO functionality for the associated enterprise application. Users will be unable to access the application using their single sign-on credentials.
    • Depending on the application and its reliance on the certificate, deleting it might lead to data loss or security vulnerabilities.

    Steps to Delete the Certificate
    The exact steps will vary depending on your identity provider (IdP) or identity and access management (IAM) system. However, here's a general outline:

    Access the Application's Configuration: Log in to your IdP or IAM console and locate the enterprise application.

    1. Locate the Certificate: Find the specific certificate you want to delete.
    2. Initiate Deletion: Follow the platform's instructions to delete the certificate. This might involve confirming the action or providing additional information.
    3. Update Application Settings (If Necessary): If the application requires a new certificate, update its configuration accordingly.

  2. Navya 15,150 Reputation points Microsoft Vendor
    2024-07-29T11:53:02.8133333+00:00

    Hi @Zean Encarnacion

    Thank you for posting this in Microsoft Q&A.

    I understand that you want to remove an active certificate from a Single Sign-On Enterprise Application.

    SAML certificates are an important part of Single Sign-On (SSO) in a Security Assertion Markup Language (SAML) environment. SAML certificates are used to establish trust between the identity provider (IdP) and the service provider (SP) in a SAML-based SSO scenario. When setting up an enterprise application in Entra, a default SAML certificate is generated. At least one active certificate is necessary to authenticate single sign-on.

    Active certificates for single sign-on in enterprise applications cannot be deleted; only inactive certificates can be removed.

    To delete an inactive certificate from an enterprise application, follow these steps:

    1. Sign in to the Microsoft Entra admin center as a Cloud Application Administrator.
    2. Navigate to Identity > Applications > Enterprise applications > All applications.
    3. Enter the name of the application in the search box and select it from the search results.
    4. In the Manage section of the left menu, select Single sign-on.


    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.


  3. AzureAce 107 Reputation points
    2024-07-30T06:11:37.1366667+00:00

    Hi @Zean Encarnacion
    It seems you are encountering difficulties in disabling SSO for an enterprise application in Microsoft Entra. While you have correctly navigated to the Single Sign-On settings, there might be some reasons preventing the action.

    Causes:
    Insufficient Permissions:

    Verify Role: Ensure you have the necessary permissions to modify SSO settings. The Cloud Application Administrator role should suffice, but double-check.

    Check Role Assignments: Verify that your user account is assigned the correct role for the enterprise application.

    Consider Global Administrator: If you're still facing issues, try performing the action with a Global Administrator account.

    Application Dependencies:

    Check for Linked Applications: Some applications might be linked to other services or resources. Disabling SSO could impact these dependencies.

    Review Application Usage: If the application is heavily used, disabling SSO could cause disruptions. Consider alternative approaches like password-based authentication or conditional access policies.

    SSO Configuration Complexity:

    Examine SSO Settings: Inspect the SSO configuration for any complex rules or dependencies that might be hindering the disablement process.

    Simplify Configuration: If possible, simplify the SSO configuration to isolate the issue.

    Please mark as "Accept the answer" if the above steps help you. Your suggestion will help others also!

