Updating a Yandex Cloud SAML certificate in an identity federation
Note
This guide describes how to update a SAML certificate issued by Yandex Cloud and used to sign requests from an identity federation to an identity provider (IdP). To update an IdP certificate used to sign requests from the IdP to an identity federation, see Adding an IdP server certificate to a federation.
A Yandex Cloud SAML certificate is valid for 5 years. Yandex Cloud generates a new SAML certificate automatically before the previous certificate's expiration date.
Make sure to start using the new SAML certificate before the previous one expires.
To start using the new SAML certificate in a Yandex Cloud Organization identity federation:
- Log in to Yandex Cloud Organization with an administrator or organization owner account.
- In the left-hand panel, select Federations.
- In the list that opens, select the identity federation of interest.
  If the Yandex Cloud SAML certificate was reissued and requires a replacement, the icon will appear in the Sign authentication requests field to the left of Download certificate. If the icon is orange, the previous certificate is still valid; if it is red, the previous certificate has expired. In both cases, you need to update the Yandex Cloud SAML certificate in the identity federation and on the IdP server.
- In the top-right corner, click Update.
  In the window that opens, you will see two certificates in the SAML certificate section under Advanced: the current one and the new (reissued) one. Expiration dates will be specified for both. The current one will also feature a warning that you need to download and install a new certificate.
- To the right of the new (reissued) SAML certificate's expiration date, click Download.
  Tip
  Track SAML certificate expiration dates and always install a new certificate before the current one expires.
  Before you proceed to the next step, deliver the downloaded Yandex Cloud SAML certificate to the IdP server. To learn how to do this, consult the identity provider's documentation or contact their support.
- Once you have delivered the new SAML certificate to your IdP server, select the new (reissued) SAML certificate in the federation settings update form and click Save.
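The tip about tracking expiration dates and the delivery step above can be checked from a shell before you click Save. The script below is an added example, not part of the Yandex Cloud documentation: it reports whether a certificate is close to expiry and whether the copy exported from the IdP server is the same certificate you downloaded. It assumes the certificates are PEM-encoded files and that `openssl` is installed; the function names, the 30-day warning window and the sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for a SAML signing certificate around a rotation.
# Assumption: certificates are PEM-encoded files; openssl is available.

# Print the SHA-256 fingerprint of a certificate (hex, colons removed).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2 | tr -d ':'
}

# Succeed only if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Print OK, EXPIRING (inside the $2-day warning window) or EXPIRED.
cert_status() {
    if ! cert_valid_for_days "$1" 0; then echo EXPIRED
    elif ! cert_valid_for_days "$1" "$2"; then echo EXPIRING
    else echo OK
    fi
}

# Succeed only if both files hold the same certificate, so the copy
# installed on the IdP server can be compared with the downloaded one.
same_cert() {
    [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# Constructed stand-in for a downloaded certificate: a throwaway
# self-signed certificate valid for $1 days, written to $2.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
        -out "$2" -days "$1" -subj "/CN=constructed-saml-signing" 2>/dev/null
}

if [ "$#" -eq 2 ]; then   # usage: script NEW_CERT CERT_EXPORTED_FROM_IDP
    echo "new certificate: $(cert_status "$1" 30)"
    if same_cert "$1" "$2"; then echo "IdP copy matches"; else echo "IdP copy DIFFERS"; fi
else                      # no arguments: run on constructed certificates
    tmp=$(mktemp -d)
    make_constructed_cert 10 "$tmp/current.pem"
    make_constructed_cert 1825 "$tmp/new.pem"
    echo "current: $(cert_status "$tmp/current.pem" 30)"
    echo "new: $(cert_status "$tmp/new.pem" 30)"
    rm -rf "$tmp"
fi
```

Run it with the downloaded certificate and the certificate exported from the IdP server as the two arguments; with no arguments it only exercises the checks on throwaway certificates.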