Updating Your Salesforce SAML Certificate


As a security measure, the SAML certificate that allows Trusona to authenticate you to your Salesforce expires annually from the time of certificate creation.

When the certificate expires, authentication with Trusona will no longer work which is why you will have to create a new certificate before expiration and send Trusona the .xml file associated with that newly created certificate.

1. How to check when your certificate expires?


Select Setup > Search for Certificate and Key Management > look at Expiration Date




2. How to Create a new Certificate?

 
Select Create Self-Signed Certificate.
 




Enter a descriptive label for the Salesforce certificate.
Exportable Prive Key: Uncheck the box
Key Size: 4096 (This will extend the certificate expiration an additional year to 2 years)
Select Save


 

3. Updating your Certificate


Note: This should be done after hours and in coordination with Tursona. Updating the certificate will break current authentication until Trusona updates your new certificate on Trusona's end.


Select Setup > Search for Single Sign-On Settings > select Edit



Select the Request Signing Certificate drop-down > select your newly created certificate > select Save


 

4. Send Trusona new .xml file


In Single Sign-on Setting > select Trusona



Select Download Metadata



Email Trusona at support.sf@trusona.com with the .xml file that was downloaded for integration on Trusona's end. Once integrated, Trusona for Salesforce will work as expected.