SAML Certificate Renewal - Entra ID

dan.b.730 Posts: 3 🔍
We setup Single Sign On (SSO) with Brightspace back in Jan 2020. At the time we had to manually send over our XML metadata and SAML certificate.

The certificate is due for renewal. I have a few questions about renewal:

1. What's the best way to renew the certificate?
2. As we previously uploaded the metadata manually, can we now use the automatic update feature with the public Microsoft link for the metadata?
3. Will there be downtime whilst we renew the certificate? If so, for how long?



  • Chris.S.534
    Chris.S.534 Posts: 201

    Hi Dan,

    Brightspace Administrators can now self administer SAML configurations. This is done via the Admin tools > SAML Administration UI. X.509 Signing Certificates can be updated, without the need to engage D2L to update these on your behalf, and no downtime.

    If wanting to use a publicly accessible metadata URL you may (will) need to delete the existing Identity Provider and create a new Identity Provider using the metadata URL. You can have multiple Identity Providers configured concurrently but you'll need to take this into account regarding any impact to existing users if making a switch and IdP identifiers change.

    For additional information see:

    Hope this helps!

  • dan.b.730
    dan.b.730 Posts: 3 🔍

    Thanks Chris,

    I've had a read through the links. Is it OK to have 2 identity providers belonging to the same source (Entra ID)?

    Essentially, I'd like to delete the older manual configuration and use a newer configuration that's capable of automatically updating its metadata configuration and certificate as Azure is updated.

    If we do this, is there downtime between the switchover?

    Also, can we test the configuration being switching over (we have several thousand users, so we need to be careful)?