ArcGIS Online SAML Authentication signing and encryption certificate renewal (2024)

Summary

ArcGIS Online's SAML signing and encryption certificate is expiring on September 24th, 2024.  It is necessary to take action to ensure that your organization can continue to use your Enterprise Identity Provider (IDP). This certificate is required when an organization has enabled signed requests or encrypted assertions. SAML enterprise logins that use the old certificate for signed requests or encrypted assertions continue to work until September 23th, 2024.

If the ArcGIS Online metadata file (that contains the new signing certificate), was not uploaded into the Identity Provider (IDP) before September 24th, 2024, and the 'Enable Signed Request' option is enabled, an error will occur when organization members sign in to ArcGIS Online with an Enterprise SAML account. This error is an IDP-specific message displayed in place of the IDP sign-in page.

Procedure

To enable your IDP to discover the new certificates, you must re-register ArcGIS Online as your trusted services provider. This process will vary slightly depending on the SAML identity provider. Review the following documentation for more details:

• ArcGIS Blog: Action Required - ArcGIS Online SAML Customers
• ArcGIS Online: Set up SAML logins
• ArcGIS Online: Set up Open ID Connect logins

If you have any questions, please contact Esri Technical Support.