SAML Certificate Renewal Options

Umbrella's Secure Web Gateway (SWG) supports identity management with SAML authentication through identity providers (IdPs). Some IdPs require that you periodically update the Umbrella SAML request signing certificate. If your IdP requires verification of the SAML certificate, you can configure automatic renewals of the certificate or manually import the Umbrella SAML signing certificate.

Note: Since many IDPs do not validate SAML request signatures, you may not have to renew your Umbrella SAML certificate. Contact your IdP to confirm if you need to renew your certificate.

Table of Contents

Automatic Configuration Through the Umbrella Fixed Metadata URL

Configure your IdP to import the Umbrella SAML certificate from a fixed metadata URL without manual intervention.


For information about configuring Microsoft ADFS with the fixed metadata URL, see SWG SAML - Utilizing Umbrella's Fixed Metadata URL.

Manual Import of the Umbrella Signing Certificate

If your IdP does not support automatic renewal of the Umbrella SAML certificate, you must manually add the new certificate at the time of renewal into your IdP. For more information about manually importing the Umbrella certificate, see SWG SAML - Utilizing Umbrella's Fixed Metadata URL.

Prerequisites < SAML Certificate Renewal Options > Configure Azure AD for SAML