SAML certificates from both parties (Service Provider/Kantega SSO & SAML Provider/Okta) must be uploaded at the other party to establish trust. This procedure must be followed each time certificates expire for each SAML integration. In Kantega SSO Enterprise, you get a warning when the SAML signing certificate is expiring soon.
Download Kantega SSO Certificate
The new certificate is a .cer file which must be uploaded on the service provider / enterprise application at the SAML provider.
Click add new standby key
Download the .cer file:
Okta upload
Send the .cer file to your SAML team who need to upload it and add to the App Integration for Bitbucket. Are you guys still running Okta? If so, add them to the ticket so they can follow this procedure (The below example is from a Jira setup, but the exact same principle applies):
In the App Integration, in the General tab, click Edit on SAML Settings
Under General Settings, click next
Under Configure SAML in Edit SAML integration (Step 2 in the SAML setup), select Advanced settings, and you will see the option to upload the new certificate:
Back in Kantega SSO
After the certificate has been uploaded, you may click Promote on the new standby certificate you added earlier, and the new key will now the the one in use to sign the Kantega SSO SAML requests.