Genesys Cloud - Main

 View Only

Discussion Thread View
  • 1.  Microsoft Azure AD SSO Certificate expiring soon - how to renew?

    Posted 02-25-2024 17:10

    Hi Genesys Community,

    Just looking for some advise regarding Microsoft Azure Single Sign On in Genesys Cloud and upcoming SSO certificate expiry:

     
    Noticed upon login to our Azure portal, it's coming up with 'Certificate Expiry Status' soon (12 March 2024)

     

     

    Same expiry date also showing in Genesys: 

     

    I've not been able to find anything in the Resource Center that advises what needs to be done here to renew/update (can only see instructions on Adding Azure AD as a new provider):

     

    • Is it just a matter of just following the step relating to Certificate (as per below)?
    • Does it need a new certificate to be imported into Azure?
    • Is there an outage/impact? Should this be done after hours?

     

    image


    Cheers,


    #Integrations
    #PlatformAdministration
    #Security
    #SystemAdministration

    ------------------------------
    Jeff
    ------------------------------


  • 2.  RE: Microsoft Azure AD SSO Certificate expiring soon - how to renew?
    Best Answer

    Posted 02-25-2024 19:07

    Hey Jeff

    Rough idea of what I've done/recommend.

    • Definitely do this out of hours (if possible)
    • Get new certificate exported from the SSO/SAML app in Azure
    • If your org is set to be SSO only, as a precaution turn that off and make sure you can get in using Genesys authentication in case something goes wrong
    • Import new certificate into SSO settings in Genesys Cloud
    • Test SSO

    I don't recall if you can keep multiple certs on the Genesys side (think you can for SIP but not for auth).  It's possible on Azure it will continue to honour the old certificate until you import the new one and start using it.  Still worth doing out of hours.  I think we pretty much had to cross our fingers when we went through it but didn't hit any issues.



    ------------------------------
    Vaun McCarthy
    ------------------------------



  • 3.  RE: Microsoft Azure AD SSO Certificate expiring soon - how to renew?

    Posted 07-11-2024 17:36
    Edited by Brian Jones 07-11-2024 17:41

    FYI @Vaun McCarthy or others who are curious regarding his last point. It appears you can have multiple SSO certs on the Genesys side, but the system will only honor the active one. When our Azure team activated the new cert, it/they deactivated the old cert. So once the new cert was activated, we went back into Genesys (using SSO successfully from an incognito browsing session as a part of our testing) and [proactively] deleted the old cert to keep things clean.

    We just went through this process today without an outage or disruption to users, and [thankfully] everything has gone well since.



    ------------------------------
    Brian T. Jones | Ascension | Senior Specialist - Technology
    ------------------------------



  • 4.  RE: Microsoft Azure AD SSO Certificate expiring soon - how to renew?

    Posted 07-11-2024 23:50

    Thanks Brian



    ------------------------------
    Vaun McCarthy
    ------------------------------



Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources