Single Sign-On (SSO) Configurations
The SSO Configurations page enables administrators to upgrade and revert SSO certificates. Administrators can also download an existing SSO certificate.
Administrators are not able to add or edit SSO configurations.
To access the SSO Configurations page, go to.
|PERMISSION NAME||PERMISSION DESCRIPTION||CATEGORY|
|Single Sign On - CSOD Certificate||Grants ability to view, manage, and upgrade SSO certificates and configurations. This is an administrator permission. This permission cannot be constrained.||Core Administration|
Upgrade SSO Certificate
To comply with security requirements, Cornerstone is required to upgrade their SSO certificate for all inbound or outbound SSOs using the SHA256 CA-Verified Cert Signature. When a new version of a certificate is available, the certificate will be automatically upgraded on a specific date. Users who are in the system administrator role receive system-generated reminder emails prior to the SSO certificate auto-upgrade date. This reminder does not need to be configured by an administrator and is automatically sent at predefined intervals of 90, 60, 30, 15, 10, 7, 6, 5, 4, 3, 2, and 1 days before the auto-renewal date. The email is active for all portals, localized to the user's language, and will ignore dead box settings to ensure delivery to the intended recipient. If a portal has no SSO connectors that need upgrading, or if they have already been upgraded, then the email is not sent.
Administrators may upgrade the certificate using self-service, which they can upgrade at the same time they upgrade the certificate in their SSO configuration. This removes any need to coordinate with Cornerstone and allows organizations the flexibility to upgrade their certificate whenever they are ready.
To upgrade an existing SSO certificate, select the appropriate SSO connector. Then, select thebutton. This button is only available if the selected connector has an upgrade available (i.e., the connector is not currently using the latest version of the certificate).
Revert SSO Certificate
To revert to a previous version of an existing SSO certificate, select the appropriate SSO connector. Then, select thebutton. This button is only available if the connector is using the latest version of the certificate, and the older version of the certificate has not expired. If the older version of the certificate has expired, then this button is not available.
Download SSO Certificate
To download and view the SSO certificate for the existing connector, select the appropriate connector. Then, select the three-dot menu icon and select CSOD Public Certificate.
Note: This option is not available when viewing this page in a smaller mobile browser window.
Download Metadata for SSO Configuration
To download the metadata for a saved inbound or outbound SAML 2.0 Single Sign-On configuration, select the appropriate connector. Then, select the three-dot menu icon and select Metadata. This generates XML file tailored to the SSO configuration.