Update an X509 SAML certificate in ArcGIS Online and Portal for ArcGIS

Summary

A SAML certificate, sometimes referred to as an X509 SAML certificate, may need to be updated in ArcGIS Online and Portal for ArcGIS from time to time. An example is when the certificate is about to expire.

Procedure

The X509Certificate can be dowloaded from Microsoft Entra ID and imported into ArcGIS Online or Portal for ArgGIS with the following steps.

1. Log in to the Azure Portal.
2. Navigate to Microsoft Entra ID > Manage > Enterprise Applications.
3. Click on the relevant application.
4. Navigate to Manage > Single sign-on.
5. In the SAML Certificates section, find the Certificate (Base64) item and click the Download link.
6. Save the certificate (*.cer) file and then open it in an application such as NotePad++ or Visual Studio Code.
7. Copy the large string of characters contained on line lines of the file between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
   • Do not copy the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" text. Copy only the lines of alphanumeric characters that occur between those texts.
8. Log in to ArcGIS Online or Portal for ArgGIS and navigate to Organization > Settings > Security > Logins.
9. Click on the Configure login link corresponding to the SAML login item.
10. Paste the X509Certificate data into the Certificate: field and click Save, as shown in the image below.