
Certificate Management

From the Certificate Management page, you can create and manage the AuthPoint certificates used for SAML authentication. The AuthPoint certificate provides your resource (service provider) with the information necessary to identify AuthPoint as a trusted identity provider. This is required for SAML authentication.

You must create at least one AuthPoint certificate before you can add a SAML resource. If your account already has one or more certificates, you only have to create a new certificate when you replace an existing certificate.

You might need to replace a certificate for security reasons or when its expiration date is near.

When a certificate expires, users cannot authenticate to any SAML resources that are associated with the expired certificate. You must replace the certificate before users can authenticate to those resources again.

An alert is generated in WatchGuard Cloud when the expiration date for a certificate is near.

Create a New Certificate

You must create at least one AuthPoint certificate before you can add a SAML resource. The certificate provides your resource with the information necessary to identify AuthPoint as a trusted identity provider.

To create a new AuthPoint certificate, from the AuthPoint management UI:

  1. Select Resources.
  2. Click Certificate.
    The Certificate Management page opens.

  3. Click Add Certificate.

Replace a Certificate

You might need to replace a certificate for security reasons or when its expiration date is near. When a certificate expires, users cannot authenticate to any SAML resources that are associated with the expired certificate.

To replace a certificate:

  1. Select Resources.
  2. Click Certificate.
  3. Click Add Certificate.
    A new certificate is created.

  4. Identify the SAML resources that are associated with the certificate that will expire.

    When you try to delete a certificate that has SAML resources associated with it, you see an error message that lists all of the associated SAML resources.

  5. Edit each SAML resource to change the associated certificate from the one that will expire to your newly created certificate. For each resource:
    1. From the Certificate Management page, click Back to return to the Resources page.
    2. Click the Name of a SAML resource that is associated with the certificate that will expire.
    3. From the AuthPoint Certificate drop-down list, select the new certificate you created.
    4. Click Save.
  6. Provide the updated metadata or metadata URL to the service provider of each of your SAML resources. Refer to the AuthPoint Integration Guides for the steps to configure specific SAML resources.

Once you have replaced the certificate for each of your SAML resources and uploaded the new metadata to the service providers, you can delete the expiring certificate.

Get Metadata for a Certificate

From the Certificate Management page, for each certificate you can:

  • Download the metadata file
  • Copy the metadata URL
  • Download the certificate file
  • Copy the fingerprint

The AuthPoint metadata and certificate provide your resource with the information necessary to identify AuthPoint and to establish a trusted relationship between the third-party service provider and the identity provider (AuthPoint). This is necessary to configure MFA for a SAML resource.

To get the metadata or other necessary information for an AuthPoint certificate, from the AuthPoint management UI:

  1. Select Resources.
  2. Click Certificate.
  3. Next to your certificate, click and select an option to download the metadata, copy the metadata URL, download the certificate, or copy the fingerprint.

    Some service providers require the metadata file to configure authentication, while others only require the metadata URL.
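
A check you can run during certificate replacement, added here as an example and not WatchGuard code: it confirms that a downloaded metadata file carries the signing certificate whose fingerprint you copied from the Certificate Management page. It assumes the fingerprint is the SHA-1 or SHA-256 digest of the DER-encoded certificate in hex (this page does not state the algorithm); the function names, sample metadata and placeholder bytes are constructed for the example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for metadata from an untrusted source, parse with defusedxml instead

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"


def normalize(fingerprint):
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    return "".join(c for c in fingerprint.lower() if c in "0123456789abcdef")


def signing_cert_fingerprints(metadata_xml):
    """Return (sha1_hex, sha256_hex) for every signing certificate in the metadata."""
    out = []
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        # A KeyDescriptor without a 'use' attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter(DS + "X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            out.append((hashlib.sha1(der).hexdigest(), hashlib.sha256(der).hexdigest()))
    return out


def metadata_has_certificate(metadata_xml, expected_fingerprint):
    """True if the metadata contains the certificate with the copied fingerprint."""
    want = normalize(expected_fingerprint)
    if len(want) not in (40, 64):  # assumption: SHA-1 (40 hex) or SHA-256 (64 hex)
        raise ValueError("expected a SHA-1 or SHA-256 fingerprint in hex")
    return any(want in pair for pair in signing_cert_fingerprints(metadata_xml))


def sample_metadata(der):
    """Build a minimal IdP metadata document around `der` (constructed, not AuthPoint output)."""
    b64 = base64.b64encode(der).decode()
    wrapped = "\n".join(b64[i:i + 16] for i in range(0, len(b64), 16))
    return (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.invalid">'
        '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        + wrapped +
        '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '</md:IDPSSODescriptor></md:EntityDescriptor>'
    )
```

Run `metadata_has_certificate` against the file you are about to give each service provider, with the new certificate's fingerprint, before you delete the expiring certificate.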

See Also

AuthPoint Integration Guides

SAML Resources
