Updating an expiring SSO (Single Sign-On) certificate ensures continuous access to Jump Desktop through your identity provider (IDP). This guide walks you through the process, including backup measures to prevent lockouts.
a. Prerequisites and Fallback:
- Disable ENFORCE SSO Sign-in (temporary):
- Log in at https://app.jumpdesktop.com, select your team on the left, then go to Tasks -> Security.
- Make sure SSO is not enforced for Team logins.
- Set a Password for Your Jump Desktop Account (backup access):
- From the top-left corner of the dashboard, click Security.
- Click Set Password if it's displayed there.
- If you have previously enabled MFA for your account, make sure you have your MFA device.
- Log into your old IDP provider and make sure your old IDP Metadata is available as a backup to revert changes if necessary.
b. Updating Your Expiring Certificate:
- Visit your SSO provider and update the necessary certificate.
- Download the IDP metadata or Federated XML file from your provider. To learn how to do this for your provider, take a look at the SSO setup guide, scroll down to the section where it asks you to download the XML metadata file.
- Once you have your new SSO IDP XML, upload it to your Jump Desktop for Teams account:
- Sign in to https://app.jumpdesktop.com.
- Click your team name on the left, then go to Tasks -> Security -> Manage SSO.
- Click Upload IDP Metadata and upload the XML file.
c. Test the New Certificate
- Use a new Incognito browser window and go to https://app.jumpdesktop.com.
- Click Sign in with SSO and try signing in with company credentials. If sign in works, you can move to the finalize step below.
d. Revert if Needed:
If you can’t log in, revert to your old IDP Metadata from the original browser session.
e. Finalize
After successful testing, re-enable ENFORCE SSO if it was disabled.
That’s it. Ensure you have fallback methods in place while you update your IDP certificate, and test thoroughly before locking things down again.
Comments
0 comments
Article is closed for comments.