1. SAML Single Sign-On
  2. Configuring the Identity Provider for the SAML Integration
  3. Updating the SuiteProjects Pro SAML Signing and Encryption Certificates in the Identity Provider Configuration

Updating the SuiteProjects Pro SAML Signing and Encryption Certificates in the Identity Provider Configuration

SAML signing and encryption certificates provide additional security when using SAML single sign-on (SSO) authentication to access SuiteProjects Pro. SAML signing and encryption uses public keys, or certificates, to verify data sent between the SuiteProjects Pro service provider (SP) and the identity provider (IdP). The IdP uses the signing certificate to verify the signature sent by the SuiteProjects Pro SP during the authentication request. The IdP uses the encryption certificate to conceal the content in the return response (assertion) to the SuiteProjects Pro SP.

SuiteProjects Pro SAML certificates on sandbox and production environments have a finite lifetime. SuiteProjects Pro rotates SAML certificates that are about to expire.

When SuiteProjects Pro rotates the SAML certificates, you must retrieve SAML certificate information from your SuiteProjects Pro account, save it in the correct format and import it in to your identity provider product on the service provider profile you created for this SuiteProjects Pro account.

Important:

Do not download the SSL certificate from your browser header. SAML certificates are distinct from SSL (TLS) certificates. SSL certificates apply to the browser you use to access SuiteProjects Pro and they are configured and maintained by the server.

Before SuiteProjects Pro rotates the SAML certificates, you will receive a proactive feature change notification (PFCN) with information about the dates when new certificates will become available and previous certificates are due to expire.

To update the SuiteProjects Pro SAML signing and encryption certificates in your identity provider configuration:

  1. In SuiteProjects Pro, go to Administration > Account> Integration: SAML Single Sign-On > [Select the active identity provider profile].

    The identity provider profile form opens.

  2. Click the link under Entity ID.

    Entity ID link

    The SuiteProjects Pro SAML metadata associated with the identity provider profile appears.

  3. Right-click anywhere on the page and select View Page Source from the context menu.

    The page source appears.

    Page source of SAML metadata page

  4. Copy the text between the <ds:X509Certificate> and </ds:X509Certificate> tags.

    Make sure that you select the entire certificate text and only the certificate text before you copy it to your clipboard. Do not select any of the characters in the <ds:X509Certificate> and </ds:X509Certificate> tags.

  5. Paste the content of the clipboard into a text editor.

  6. Insert the following certificate header on a separate line at the top.

                    -----BEGIN CERTIFICATE-----

  7. Insert the following certificate footer on a separate line at the bottom.

                    -----END CERTIFICATE-----

  8. Save the file. Use the file extension .pem or .crt depending on the file extension required by the identity provider product for SAML certificates.

    SAML signing certificate in text editor.

  9. In your identity provider product, go to the service provider profile you set up for your SuiteProjects Pro account and import the PEM or CRT SAML certificate file for SuiteProjects Pro under both the Signing certificate and Encryption certificate sections.