As an IdP administrator, I would like to use a third-party IdP such as Okta, PingID, etc. and would like Secure Access Cloud to sign SAML responses.
Third-Party Identify Provider
Secure Access Cloud (Service Provider)
If Secure Access Cloud (SAC) is the SAML service provider, all SAML responses from your IdP should be signed to indicate it hasn't been tampered with by an unauthorized third-party.
You will need to configure SAC to validate the responses' signatures by obtaining a signing certificate from the IdP and loading the certificate from the IdP into your SAC IdP configuration.
To do this, You will need to following the steps on the SAC Techdoc: Integrate a Generic SAML IdP, refer to step # 18.
This will allowed SAC to accept a signed response for the assertion, the response, or both, however, this is only for signing and no encrypting.
Note: SAML responses encryption is currently not supported.