Skip to main content

This article applies to version 6.

Available in:

Small Business
Code42 Support

Update the single sign-on certificate for Code42

This article applies to version 6.

Available in:

Small Business


You may need to update the X.509 public key certificate for communication with a single-sign on (SSO) Identity Provider (IdP) for security reasons. This certificate is contained within Code42's metadata XML file. This article explains how to update the XML file so that the single sign-on certificate is also updated. 

See our other articles to learn more about how to replace the self-signed certificate with a CA-signed certificate or to get an introduction to Code42 single sign-on

Before you begin

Update the certificate on your Identity Provider before updating the Code42 XML file. Consult your specific identity provider's documentation for more information. 

Update Code42's certificate

You can update the single sign-on certificate either by allowing the administration console to update automatically on its regular interval or by removing your Identity Provider and re-adding it to the administration console. The option you choose depends on how quickly you need to update the certificate.

Option A: Wait for the administration console to update the XML metadata file automatically

In most cases, Code42 recommends waiting for the administration console to update the metadata file automatically. Code42 checks the Identity Provider metadata URL every 6 hours. If you updated the certificate on the Identity Provider, Code42 will update the XML file and certificate the next time it checks the metadata URL. 

Option B: Re-add your Identity Provider

If you need to immediately update your certificate, delete and re-add your Identity Provider in the administration console. 

  1. Sign in to the administration console. 
  2. Go to Settings > Security
  3. (Code42 environments with on-premises authority server only) Select the Single Sign-On tab. 
  4. Select the identity provider, and note the current configuration (for example, attribute mappings and display name). 
  5. Next to your identity provider, click delete this provider.
    delete provider button
  6. Click Add Identity Provider or Federation.
  7. In Identity Provider metadata URL, enter the URL for the identity provider metadata XML file.
  8. Click Continue.
    Additional Identity Provider settings appear.
    Identity provider settings
  9. Set up the Identity Provider to match the previous configuration you noted in step 3: 
    1. In Display name, enter an identity provider name.
    2. (Optional) Customize mappings between Code42 user attributes and identity provider SSO assertion attributes.
    3. Deselect Use default mapping.
    4. Configure mapping settings for each Code42 platform user attribute:
      • Username: Specify the SSO identifier or attribute that maps to the Code42 username.
        • Select Use nameId to use the SSO name identifier.
        • Select Use Attribute tag to enter a custom SSO attribute.
      • Email: Enter the SSO attribute that contains user email addresses.
      • First name: Enter the SSO attribute that contains user first names.
      • Last name: Enter the SSO attribute that contains user last names.
  10. Click Save.
  • Was this article helpful?