
Renew SAML Certificate for SSO Integration

reviewed by Ian Crego

When a SAML certificate used for your SSO integration expires, users may be unable to sign in to NinjaOne through SSO. To re-establish authentication, you must renew the certificate in your identity provider and upload the updated metadata to NinjaOne.

Step 1: Access the NinjaOne App in Entra ID

  1. Go to the Microsoft Entra Admin Center.
  2. Sign in with an admin account.
  3. From the left menu, select Enterprise apps.
  4. Find and open your NinjaOne SAML app (e.g., NinjaOne SSO).


Step 2: Generate and Activate a New SAML Certificate

  1. In the app’s sidebar, go to Single sign-on.
  2. Under SAML Certificates, select Edit.
  3. Click New Certificate, then Save to generate it.
  4. After the new certificate is created, select … (More options) and choose Make active to activate it.
  5. Once the certificate is active, Download the Federation Metadata XML file.


Step 3: Update the Certificate in NinjaOne

  1. Sign in to your NinjaOne account as an administrator.
  2. Go to Administration > Accounts > Identity Providers.
  3. Select your existing Entra/NinjaOne SSO configuration.
  4. Click Update metadata in the banner at the top of the page.
  5. In the Upload metadata dialog, choose File > Choose XML file, and upload the new Federation Metadata XML file downloaded from Entra ID.


  6. Click on Test connection to verify the new SAML metadata.
  7. Once the test is successful, click Save to complete the update.


After saving, confirm that the certificate expiration date and metadata details have been refreshed to reflect the new Entra ID configuration.
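
A pre-upload check for the Federation Metadata XML downloaded in Step 2, as an added example that is not NinjaOne or Microsoft code: it lists each IdP signing certificate's SHA-1 thumbprint and expiry, and confirms that the certificate you expect is present and unexpired. It assumes the expected thumbprint is copied from the active certificate in Entra ID's SAML Certificates panel; the function names are hypothetical, and the DER walk only reads the validity field, it does not validate the certificate.

```python
import base64, hashlib, sys
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SIGNING = "md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']//ds:X509Certificate"

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Walk Certificate -> TBSCertificate -> validity and return notAfter (UTC)."""
    _, pos, _ = read_tlv(der, 0)           # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)         # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = end
    for _field in range(3):                # skip serialNumber, signature, issuer
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)         # validity SEQUENCE
    _, _, pos = read_tlv(der, pos)         # skip notBefore
    tag, start, end = read_tlv(der, pos)   # notAfter
    text = der[start:end].decode("ascii")
    if tag == 0x17:                        # UTCTime has a 2-digit year (RFC 5280 pivot: 50)
        text = ("20" if int(text[:2]) < 50 else "19") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def signing_certs(metadata_xml):
    """Return [(sha1_thumbprint, not_after)] for each IdP signing certificate."""
    nodes = ET.fromstring(metadata_xml).findall(SIGNING, NS)
    ders = [base64.b64decode("".join(n.text.split())) for n in nodes]
    return [(hashlib.sha1(d).hexdigest().upper(), not_after(d)) for d in ders]

def check(metadata_xml, expected_thumbprint, now=None):
    """True only if the expected certificate is in the metadata and not expired."""
    now = now or datetime.now(timezone.utc)
    want = expected_thumbprint.replace(":", "").replace(" ", "").upper()
    return any(tp == want and exp > now for tp, exp in signing_certs(metadata_xml))

if __name__ == "__main__":                 # usage: script.py metadata.xml THUMBPRINT
    data = open(sys.argv[1], "rb").read()
    print(signing_certs(data))
    sys.exit(0 if check(data, sys.argv[2]) else 1)
```

A non-zero exit means the file does not contain the expected certificate or that certificate has already expired, for example when the metadata was downloaded before the new certificate was made active.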

FAQ

A SAML certificate is a cryptographic file used in the Security Assertion Markup Language (SAML) protocol to enable secure communication and authentication between entities, typically an Identity Provider (IdP) and a Service Provider (SP). The certificate plays a critical role in ensuring the authenticity, integrity, and confidentiality of the messages exchanged during the SAML authentication process.

To generate a SAML signing certificate, you’ll typically need to use a specific tool or platform provided by your identity provider or service provider. This often involves navigating to the relevant settings, creating a new certificate, specifying necessary details like expiration date and signing options, and then downloading the certificate in the required format. Once you have the certificate, you can upload it to your service provider to enable SAML-based single sign-on.

To check the expiration date of a SAML certificate in NinjaOne, log in to the NinjaOne Admin Portal using your administrator credentials. Once logged in, navigate to the Administration section from the main menu, then select Accounts, and go to the Identity Provider section. Here, you will find details about the configured SAML certificate, including its expiration date.

To update your SAML certificate in NinjaOne, renew or generate a new SAML certificate in your identity provider (such as Microsoft Entra ID), then upload the updated Federation Metadata XML file to NinjaOne.
