How to renew the Azure SAML IdP certificate on the firewall for GlobalProtect when it expires

Created On 10/13/22 06:34 AM - Last Modified 02/24/23 18:26 PM


Objective


•    The Azure SAML IdP certificate used by GlobalProtect with SAML authentication expires
•    The Azure SAML IdP certificate needs to be renewed on the firewall
 


Environment


•    Palo Alto Firewall
•    GlobalProtect with Azure SAML authentication profile


Procedure


  1. Delete the old certificate on the Azure SAML IdP side.
  2. Export the new SAML metadata XML file (which contains only the new certificate) from the Azure IdP.
  3. Import the new metadata XML file into the firewall through the SAML Identity Provider profile, using the same profile name as the existing profile.
  4. Navigate to Device > Certificate Management > Certificates to verify that the Azure SAML IdP certificate has been renewed automatically on the firewall.
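
A check that can be run between steps 2 and 3, as an added example that is not part of the original article or any vendor tooling: it confirms the exported metadata XML carries exactly one distinct certificate and that it matches the new certificate's SHA-1 thumbprint. It assumes you have that thumbprint from the IdP side; the function names and the sample metadata are constructed for illustration. Metadata files can repeat the same certificate in several elements, so the check deduplicates by fingerprint instead of counting elements.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace used for KeyInfo

def distinct_certs(metadata: bytes) -> dict:
    """Return {SHA-1 thumbprint: SHA-256 fingerprint} for each distinct certificate."""
    if b"<!DOCTYPE" in metadata or b"<!ENTITY" in metadata:
        raise ValueError("refusing metadata that carries a DTD")
    found = {}
    for node in ET.fromstring(metadata).iter(DS + "X509Certificate"):
        # Certificates are base64 DER, often wrapped across several lines.
        der = base64.b64decode("".join((node.text or "").split()), validate=True)
        found[hashlib.sha1(der).hexdigest().upper()] = hashlib.sha256(der).hexdigest().upper()
    return found

def check_before_import(metadata: bytes, expected_thumbprint: str):
    """Return (ok, reason); ok only if the file holds exactly the expected certificate."""
    certs = distinct_certs(metadata)
    if len(certs) != 1:
        return False, f"{len(certs)} distinct certificates found, expected 1"
    # Accept thumbprints typed with colons or spaces, in either case.
    want = "".join(c for c in expected_thumbprint if c.isalnum()).upper()
    if want not in certs:
        return False, "certificate does not match the expected thumbprint"
    return True, f"single certificate, SHA-256 {certs[want]}"

# Constructed sample data: placeholder bytes stand in for real DER certificates.
OLD_DER, NEW_DER = b"constructed-old-certificate", b"constructed-new-certificate"

def sample_metadata(*ders: bytes) -> bytes:
    """Build a minimal, constructed IdP metadata document holding the given blobs."""
    keys = "".join(
        '<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
        f"<X509Data><X509Certificate>{base64.b64encode(d).decode()}</X509Certificate>"
        "</X509Data></KeyInfo></KeyDescriptor>" for d in ders)
    return ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
            'entityID="https://idp.example/"><IDPSSODescriptor>'
            f"{keys}</IDPSSODescriptor></EntityDescriptor>").encode()

if __name__ == "__main__":
    new_thumb = hashlib.sha1(NEW_DER).hexdigest()
    # Same certificate repeated in two elements: passes.
    print(check_before_import(sample_metadata(NEW_DER, NEW_DER), new_thumb))
    # Old certificate still present next to the new one: fails.
    print(check_before_import(sample_metadata(OLD_DER, NEW_DER), new_thumb))
```

For a real export, read the file as bytes and pass it to `check_before_import` together with the thumbprint of the new certificate.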

 

