Applies To:
All organizations utilizing Single Sign On Authentication for access to their Pinnacle web tenant, via the configuration of an Enterprise Application in the Microsoft Azure AD environment.
This article is relevant to organization members with elevated Administrator permissions in the Pinnacle platform to make changes necessary to the update of the Signing Certificate.
The necessary changes to update the signing certificate in the Pinnacle platform will occur in the Management Utility (installed application) OR the Administrator Portal (browser-based access). The "Configure SAML" interface is the same for both areas of the platform.
Common Causes/Issues:
- The SAML Signing Certificate in Azure AD is expiring
- The default max term of expiry is three (3) years
Solution Overview:
It will be necessary to access the Enterprise Application created in Azure AD for SSO, and create a "New Certificate" for another chosen term of expiry.
A new 'Base64 Certificate' can be downloaded from Azure AD, and then 'Browsed For' in the Pinnacle Administration Portal to upload and update.
Tactical Rundown:
- Within the Azure Portal, navigate to the Enterprise App created for your SSO Authentication
- Under 'Manage' in the left margin menu, navigate to 'Single Sign On'
- Click the 'Edit' pencil in Box #3 (SAML Signing Certificate)
- Click "+New Certificate"
- Confirm the 'Expiration Date' and 'Notification Email Address(es)'
- Click "Save"
- Click on the three-dot ellipsis to the right of the newly created certificate
- Click 'Base64 certificate download' from the list
- Click 'Base64 certificate download' from the list
- Navigate to the 'Configure SAML' interface within the Pinnacle Platform; Management Utility or Administrator Portal
-
-
- Management Utility (installed application) -> Administrator Utility -> SSO Settings tab -> SAML 2.0 radial button -> 'Configure' button
- Administrator Portal (browser-based portal) -> Security & Authentication tab -> SAML radial button -> 'Configure' button
- "Browse" to your network location of the downloaded Base64 certificate
- Click 'Save' once selected
- Click 'OK' in the Configure SAML interface to update the Base64 certificate
Administrator Utility:
Administration Portal:
-
-
- Under 'Manage' in the left margin menu, navigate to 'Single Sign On'