Hello @Ashley H,
This error message will trigger when you have TokenEncryptionKeyId present for your application. To fix this issue, please deactivate the token encryption for your application and then try to delete the expired certificate from the application certs.
To deactivate token encryption in the Microsoft Entra admin center:
- In the Microsoft Entra admin center, browse to Identity > Applications > Enterprise applications > All applications, and then select the application that has SAML token encryption enabled.
- On the application's page, select Token encryption, find the certificate, and then select the ... option to show the dropdown menu.
- Select Deactivate token encryption.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
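The ordering described in the answer above, as an added example that is not part of the original answer: it inspects an application object and returns the actions in the order they have to happen, with token encryption deactivated first only when `tokenEncryptionKeyId` points at an expired certificate. The property names (`tokenEncryptionKeyId`, `keyCredentials`, `keyId`, `endDateTime`) are those of the Microsoft Graph application resource; the sample object, its IDs and the `remove-certificate` action label are constructed for illustration, and no network call is made.

```python
from datetime import datetime, timezone


def _parse(ts):
    # Graph returns ISO 8601 UTC timestamps ending in "Z"
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def plan_cert_cleanup(app, now):
    """Return ordered actions for removing expired certificates from an app."""
    expired = [
        c["keyId"].lower()
        for c in app.get("keyCredentials", [])
        if _parse(c["endDateTime"]) < now
    ]
    enc_id = (app.get("tokenEncryptionKeyId") or "").lower()
    actions = []
    # An expired certificate that is still referenced as the token encryption
    # key must be dereferenced before it can be deleted.
    if enc_id in expired:
        actions.append(
            ("PATCH", "/applications/" + app["id"], {"tokenEncryptionKeyId": None})
        )
    # "remove-certificate" is a hypothetical label for the delete step.
    actions += [("remove-certificate", key_id) for key_id in expired]
    return actions


# Constructed sample: one expired certificate that is the active encryption
# key, and one certificate that is still valid.
SAMPLE_APP = {
    "id": "00000000-0000-0000-0000-000000000000",
    "tokenEncryptionKeyId": "11111111-1111-1111-1111-111111111111",
    "keyCredentials": [
        {"keyId": "11111111-1111-1111-1111-111111111111",
         "usage": "Encrypt", "endDateTime": "2023-06-30T00:00:00Z"},
        {"keyId": "22222222-2222-2222-2222-222222222222",
         "usage": "Encrypt", "endDateTime": "2026-06-30T00:00:00Z"},
    ],
}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so the result is repeatable

if __name__ == "__main__":
    for action in plan_cert_cleanup(SAMPLE_APP, NOW):
        print(action)
```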