How To: Update your MS Azure SSO Certificate
Is your Azure SSO certificate in its last weeks of validity? This post should help you update your SAML settings to continue SSO access, as it may not work as you expect.
Expensify's SAML config doesn't support multiple active certificates. This means that if you create the new certification ahead of time without first removing the old one, the respective IdP will include two unique x509 certificates instead of one and the connection will break. Should you need to access Expensify, switching back to the old certificate will continue to allow access while that certificate is still valid.
To transfer from one MS Azure certificate to another, please follow the below steps:
1) In Azure Directory (AD), create your new certificate.
2) In AD, remove the old, expiring certificate.
3) In AD, activate the remaining certificate, and get a new IdP for Expensify from it.
4) In Expensify, replace the previous IdP with the new IdP.
5) Try logging in via SSO. If it fails, let us know here!
