TechUser2020-6505 asked TechUser2020-6505 commented

Azure AD Application Certificate Renewal and 3rd Party Update

Hello,
I've configured Azure AD SSO with ServiceNow using the guide below. We've configured a SAML certificate with a 3-year lifetime.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/servicenow-tutorial

When it comes to renewal in 2025, can ServiceNow (application service provider) automatically pull the new certificate and XML metadata?

I want to avoid a manual exchange of certs and XML if possible.

With ADFS, you can provide an XML URL that's publicly available for the ADFS configuration; however, I don't know what the equivalent would be for Azure AD.

Please advise.

Thank you


azure-ad-enterpriseapps

1 Answer

Givary-MSFT answered TechUser2020-6505 commented

@TechUser2020-6505 Thank you for reaching out to us.

As I understand it, you are looking for an option to automatically update the new certificate in ServiceNow.

I did a quick repro at my end, and I see there is an App Federation Metadata Url (available under the SAML Signing Certificate section) which has certificate information that can be consumed by the application. This contains Active/Inactive certificate information.


Let me know if you have any further questions.




Thank you, so if I supply that URL to ServiceNow, they should be able to use it to update the certs automatically?

0 Votes 0 ·
Givary-MSFT TechUser2020-6505 ·

@TechUser2020-6505

As per these articles
https://community.servicenow.com/community?id=community_question&sys_id=f261e65bdb24bc542dc24f78139619ef
https://docs.servicenow.com/bundle/quebec-platform-administration/page/integrate/single-sign-on/concept/x-509-certificate-sso.html

Once you enter the App Federation Metadata Url in the ServiceNow application, it will read all the certificate information that is present under the SAML configuration.

Let me know if you have any further questions.

1 Vote 1 ·
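
An added example, not part of the original thread and not Microsoft's or ServiceNow's code: a sketch of how a metadata consumer can read the signing certificates published at an App Federation Metadata Url and notice a renewal. It assumes the document follows the standard SAML 2.0 metadata layout (`KeyDescriptor use="signing"`); the sample metadata, the placeholder certificate bytes and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholders standing in for DER certificates (not real X.509).
OLD_DER = b"constructed-old-signing-cert"
NEW_DER = b"constructed-new-signing-cert"

def key_descriptor(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    return ('<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
            f"<X509Data><X509Certificate>{b64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>")

# Constructed metadata: the current key is listed twice, then a renewed key is added.
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/constructed">'
    '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + key_descriptor(OLD_DER) + key_descriptor(OLD_DER) + key_descriptor(NEW_DER)
    + "</IDPSSODescriptor></EntityDescriptor>")

def signing_thumbprints(metadata_xml: str) -> list[str]:
    """SHA-256 thumbprints of every distinct signing certificate in the metadata."""
    # Metadata needs no DTD; refusing one blocks entity-expansion tricks in the parser.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(metadata_xml)
    seen: list[str] = []
    for kd in root.iterfind(".//md:KeyDescriptor[@use='signing']", NS):
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            thumbprint = hashlib.sha256(der).hexdigest()
            if thumbprint not in seen:
                seen.append(thumbprint)
    return seen

def rollover_status(metadata_xml: str, pinned: str) -> dict:
    """Compare the thumbprint the service provider currently trusts with the published set."""
    published = signing_thumbprints(metadata_xml)
    return {"pinned_still_published": pinned in published,
            "new_certificates": [t for t in published if t != pinned]}

if __name__ == "__main__":
    print(rollover_status(SAMPLE_METADATA, hashlib.sha256(OLD_DER).hexdigest()))
```

In practice the XML would be fetched over HTTPS from the App Federation Metadata Url rather than built inline. A thumbprint showing up under `new_certificates` before the pinned certificate expires is the signal that a renewed certificate has been published.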