Applies To:
All organizations utilizing Single Sign On Authentication for access to their Pinnacle web tenant, via the configuration of an Enterprise Application in the Microsoft Azure AD environment.
This article is relevant to organization members with elevated Administrator permissions in the Pinnacle platform to make changes necessary to the update of the Signing Certificate.
The necessary changes to update the signing certificate in the Pinnacle platform will occur in the Administrator Portal (browser-based access).
Common Causes/Issues:
-
The SAML Signing Certificate in Azure AD is expiring
- The default max term of expiry is three (3) years
Solution Overview:
It will be necessary to access the Enterprise Application created in Azure AD for SSO, and create a "New Certificate" for another chosen term of expiry.
A new 'Base64 Certificate' can be downloaded from Azure AD, and then 'Browsed For' in the Pinnacle Administration Portal to upload and update.
Tactical Rundown:
-
Within the Azure Portal, navigate to the Enterprise App created for your SSO Authentication
-
Under 'Manage' in the left margin menu, navigate to 'Single Sign On'
- Click the 'Edit' pencil in Box #3 (SAML Signing Certificate)
-
Click "+New Certificate"
- Confirm the 'Expiration Date' and 'Notification Email Address(es)'
- Click "Save"
- Click on the three-dot ellipsis to the right of the newly created certificate
- Click 'Base64 certificate download' from the list
- Click 'Base64 certificate download' from the list
- Navigate to the 'Configure SAML' interface within the Pinnacle Platform Administrator Portal.
- Administrator Portal -> Security & Authentication tab -> SAML radial button -> 'Configure' button
- "Browse" to your network location of the downloaded Base64 certificate
- Click 'Save' once selected
- Click 'OK' in the Configure SAML interface to update the Base64 certificate
-
Under 'Manage' in the left margin menu, navigate to 'Single Sign On'