onelogin.service-now.com
149.96.238.210  Public Scan

Submitted URL: https://onelogin.service-now.com/support?id=kb_article&sys_id=732a9943db109700d5505eea4b96192e
Effective URL: https://onelogin.service-now.com/support?id=kb_article&sys_id=5812562d8730b110695f0f66cebb3582&kb_category=67121a2d8730b110695f0f...
Submission: On November 13 via manual from IN — Scanned from DE

Form analysis 1 forms found in the DOM

<form ng-if="!c.data.aisEnabled" ng-submit="c.submitSearch()" role="search" class="ng-pristine ng-valid ng-scope">
  <input type="hidden" name="id" value="search" autocomplete="off">
  <input type="hidden" name="t" value="kb" autocomplete="off">
  <div class="input-group input-group-md input-group-typeahead" role="presentation"> <!-- uses ui.bootstrap.typeahead -->
    <!-- ngIf: c.isTypeAheadEnabled && c.showSuggestions -->
    <!-- ngIf: c.isTypeAheadEnabled && !c.showSuggestions --><input ng-if="c.isTypeAheadEnabled &amp;&amp; !c.showSuggestions" name="q" placeholder="Search" ng-model="c.searchTerm" autocomplete="off"
      uib-typeahead="item as item.primary for item in c.getResults($viewValue)" typeahead-wait-ms="c.data.typeaheadWaitMS" typeahead-min-length="c.data.typeaheadMinLength" typeahead-focus-first="false"
      typeahead-on-select="c.onSelect($item, $model, $label)" typeahead-template-url="sp-typeahead.html" typeahead-popup-template-url="sp-typeahead-popup.html" class="form-control input-typeahead ng-pristine ng-untouched ng-valid ng-scope ng-empty"
      role="combobox" aria-autocomplete="list" title="Search" data-toggle="tooltip" data-placement="bottom" aria-label="Search" tabindex="0" aria-haspopup="listbox" aria-owns="typeahead-42-9623" aria-expanded="false">
    <ul class="typeahead-popup dropdown-menu ng-isolate-scope ng-hide" aria-label="Search suggestions" ng-show="isOpen() &amp;&amp; !moveInProgress" ng-style="{top: position().top+'px', left: position().left+'px'}" role="listbox" aria-hidden="true"
      uib-typeahead-popup="" id="typeahead-42-9623" matches="matches" active="activeIdx" select="select(activeIdx, evt)" move-in-progress="moveInProgress" query="query" position="position" assign-is-open="assignIsOpen(isOpen)"
      debounce="debounceUpdate" template-url="sp-typeahead.html" popup-template-url="sp-typeahead-popup.html">
      <li role="option" aria-hidden="true" style="display: none"></li>
      <!-- ngRepeat: match in matches track by $index -->
    </ul><!-- end ngIf: c.isTypeAheadEnabled && !c.showSuggestions -->
    <!-- ngIf: !c.isTypeAheadEnabled --> <span class="input-group-btn"> <button name="search" type="submit" class="btn btn-default" title="Search" aria-label="Search" data-toggle="tooltip" data-placement="bottom">
        <!-- ngIf: ::c.options.glyph --><i ng-if="::c.options.glyph" class="fa fa-search"></i><!-- end ngIf: ::c.options.glyph --> </button> </span>
  </div>
</form>

Text Content

CREATING AND APPLYING CERTIFICATES 

For an organization connected to many SAML applications, having multiple SAML
certificates is a convenient and powerful way to ensure stronger security
between those apps and OneLogin. Using multiple certificates also lets you
gracefully handle the process of updating expiring certificates.

Certificates can be assigned or changed in the SSO configuration of any
SAML-enabled app, and OneLogin automatically sends your administrators a
customizable notification one year, 90 days, and 45 days before a certificate
expires, then daily after expiration until the certificate is updated.

 

--------------------------------------------------------------------------------

 

To view your X.509 certificates, go to Security > Certificates. All certificates
used by your OneLogin account are shown here, along with each certificate's key
length in bits, the number of apps associated with it, and its dates of issue
and expiration. You can Import a certificate from another source, create a New
certificate, or select any existing certificate to manage it.



Key Length

Choose 1024, 2048, or 4096. Always be sure to check your app's key length
requirements, as some apps cannot support certificates above or below a certain
key length.

Note: The key length cannot be changed after saving the certificate.

Signature

Choose SHA1, SHA256, or SHA512 for the certificate's signing algorithm.

Expiration

Choose the period of time for the certificate to remain valid before it must be
replaced.

Certificate Keys

If your app requires an identified CA certificate, enable the option labeled
Set the CA flag in the Basic Constraints extension option to "true" and
keyCertSign bit for Key Usage. This identifies the certificate as a CA
certificate.

Note: Do not use this certificate with apps that do not require the Basic
Constraints extension, as they may not function properly.



Once the certificate has been saved, you can return to it at any time to view or
change its SHA fingerprint, copy or download the full X.509 certificate string,
and see any apps currently using the certificate. You may also Delete it, or
choose Set As Default to make it your default certificate for all apps with no
other certificate specified.



© 2022 OneLogin, Inc. All rights reserved.