ArcGIS Online's SAML signing and encryption certificate is expiring on September 27th, 2023. It is necessary to take action to ensure that your organization can continue to use your Enterprise Identity Provider (IDP). This certificate is required when an organization has enabled signed requests or encrypted assertions. SAML enterprise logins that use the old certificate for signed requests or encrypted assertions continue to work until September 26th, 2023.
If the ArcGIS Online metadata file (that contains the new signing certificate), was not uploaded into the Identity Provider (IDP) before September 27th, 2023, and the 'Enable Signed Request' option is enabled, an error will occur when organization members sign in to ArcGIS Online with an Enterprise SAML account. This error is an IDP-specific message displayed in place of the IDP sign-in page.
To enable your IDP to discover the new certificates, you must re-register ArcGIS Online as your trusted services provider. This process will vary slightly depending on the SAML identity provider. Review the following documentation for more details:
If you have any questions, please contact Esri Technical Support.