Important Notice: After July 31, 2024, the Expensify community will no longer be available. Help docs and resources can be found on and you can message Concierge with any additional questions.

How To: Update your MS Azure SSO Certificate

Peter Barker
Peter Barker Expensify Team, Expensify Student Ambassador Posts: 3 Expensify Team
edited March 2022 in How-to Docs

Is your Azure SSO certificate in its last weeks of validity? This post should help you update your SAML settings to continue SSO access, as it may not work as you expect.

Expensify's SAML config doesn't support multiple active certificates. This means that if you create the new certification ahead of time without first removing the old one, the respective IdP will include two unique x509 certificates instead of one and the connection will break. Should you need to access Expensify, switching back to the old certificate will continue to allow access while that certificate is still valid.

To transfer from one MS Azure certificate to another, please follow the below steps:

1) In Azure Directory (AD), create your new certificate.

2) In AD, remove the old, expiring certificate.

3) In AD, activate the remaining certificate, and get a new IdP for Expensify from it.

4) In Expensify, replace the previous IdP with the new IdP.

5) Try logging in via SSO. If it fails, let us know here!