Manage Your Service Provider (SP) Certificates

Any information provided in this document regarding future functionalities is for informational purposes only and is subject to change including ceasing any further development of such functionality. Many of these future functionalities remain in varying stages of development and will be offered on a when-and-if available basis, and Cisco makes no commitment as to the final delivery of any of such future functionalities. Cisco will have no liability for Cisco's failure to deliver any or all future functionalities and any such failure would not in any way imply the right to return any previously purchased Cisco products.

Occasionally, you may receive an email or see an alert indicating that the IdP certificate is about to expire. Because each IdP vendor has its own process for certificate renewal, this guide explains what's required in ThousandEyes. It also provides general steps to retrieve updated IdP metadata and upload it to ThousandEyes to complete the renewal.

This applies only to SAML configuration.

Before You begin

Make sure you update all IdPs in your organization when renewing your service provider (SP) certificate.

Add or Renew Your SP Certificate

  1. In ThousandEyes, navigate to Manage > Account Settings > Organization Settings.

  2. In the Single Sign-On (SSO) section, click Go to admin portal.

  3. In the Cisco Identity portal, click Settings > Manage IdPs.

  4. Under the Service providers (SP) tab, click Add or renew certificate.

  5. Select a certificate to add or renew, and choose one of the following:

    • Self-signed by Cisco: We recommend this choice. Let Cisco sign the certificate so you only need to renew it once every five years.

    • Signed by a public certificate authority: The customer IdP provides a signature in the metadata that is signed by a Public Root CA. This option is more secure but you'll need to frequently update the metadata (unless your IdP vendor supports trust anchors).

  6. Click Save.

Download Your SP Certificate Metadata

The service provider certificate metadata is used to configure and establish trust between the IdP and Service Providers. It contains the public certificate, the IdP entity ID, SSO URLs, and other relevant information all packaged in a comprehensive XML file.

  1. In ThousandEyes, navigate to Manage > Account Settings > Organization Settings.

  2. In the Single Sign-On (SSO) section, click Go to admin portal.

  3. In the Cisco Identity portal, click Settings > Service Providers (SP).

  4. Click the ... icon next to the certificate you want to download and click Download metadata.

Download Your SP Certificate

If you don't want to download the entire certificate metadata, you can download the public key certificate to verify the authenticity of the IdP.

  1. In ThousandEyes, navigate to Manage > Account Settings > Organization Settings.

  2. In the Single Sign-On (SSO) section, click Go to admin portal.

  3. In the Cisco Identity portal, click Settings > Manage IdPs.

  4. Under the Service providers (SP) tab, click the ... icon next to the certificate you want to download and click Download certificate.

PreviousTest Your SSO SetupNextUser Activity

Last updated