WatchGuard Support Center

Knowledge Base - Article

000012444
 AuthPoint users cannot authenticate to SAML resources and how to replace my AuthPoint certificate

Information
Why does AuthPoint user authentication to SAML resources fail and how do I replace my AuthPoint certificate?
If authentication to all of your SAML resources suddenly fails, it is likely that your AuthPoint identity provider certificate has expired.

The AuthPoint certificate is used to provide your SAML resources with the information necessary to identify AuthPoint as a trusted identity provider. When the certificate expires, your AuthPoint users cannot authenticate to any of your SAML resources.

To continue to access your SAML resources without interruption, you must create a new certificate and replace the AuthPoint certificate that will expire. All new certificates do not expire for ten years.

How do I replace my AuthPoint certificate?

To replace your certificate:
  1. Log in to WatchGuard Cloud at cloud.watchguard.com.
  2. Select Configure > AuthPoint.
    The AuthPoint management UI opens.
  3. Select Resources.
  4. Click Certificate.
  5. Click Add Certificate.
    A new certificate is created.
  6. Click Back to return to the Resources page.
  7. Edit each SAML resource to change the associated certificate to your new certificate:
    1. From the Resources page, click the Name of a SAML resource that is associated with the certificate that will expire.
    2. From the AuthPoint Certificate drop-down list, select the new certificate you created.
    3. Click Save.
  8. Provide the updated metadata or metadata URL to the service provider of each of your SAML resources. Some service providers require the metadata file to configure authentication, while others require only the metadata URL. You can download the metadata or copy the metadata URL for a certificate from the Certificate Management page. Refer to the AuthPoint Integration Guides for the steps to configure specific SAML resources.

How does this affect AuthPoint Service Providers?

For AuthPoint Service Providers, it is important to understand that each of your customer’s accounts will also need to have their certificate replaced.