Update SAML response certificate in Google Workspace

When your SAML response certificate closes expiration date, you will need to create a new certificate in Google Workspace. Log into https://admin.google.com and navigate in left menu to Apps > Web and mobile apps > Your Kantega SSO SAML app.

Open

Then click the Certificate box in the right column:

Open

Then click Manage certificates:

On the SAML certificates page press ADD CERTIFICATE (if this page already has two certificates, remove the oldest and then create a new one by pressing ADD CERTIFICATE. If the previous SAML has been used by other apps you may need to update to use the certificate also on these apps):

Then close the SAML certificates page and reload the Service provider details page to get the new certificate in the list. then choose the new certificate in the drop-down list and press Save.

Set app to OFF for everyone and then ON for everyone

Google Workspace has a bug that makes the app unavailable for all users when a new certificate has been installed. To make the app available again, press the User access box (see below) and then select OFF for everyone and press Save. Then press the User access box once and select ON for everyone and press Save.

Import new certificate into Kantega SSO

Download the metadata file by pressing DOWNLOAD METADATA in the middle column and then pressing the DOWNLOAD METADATA button. The metadata file contains the newly created certificate.

To make Kantega SSO trust the new certificate, import the metadata file into your existing Google Workspace IdP. See the below image where you can browse and upload the metadata file to trust the new certificate.