Single Sign On via the SAML route requires a Signing Certificate. This Certificate can expire and needs to be renewed to continue to allow Single Sign On to function. 

1. Sign into the CloudHealth platform prior to performing these steps to ensure you have an active session prior to refreshing the certificate. 
   
   
2. Navigate to Azure Portal -> Entra ID -> Enterprise Application -> Select your SAML application for CloudHealth -> Single Sign On
   
   
3. Within this section scroll down to the SAML Certificates section - 
   
   
   
   
   
4. Select the Edit option within this section, and then generate a new Certificate via the New Certificate option- 
   
   
   
   
   
5. You will then need to hit save once the new certificate and expiration date are shown see example below 
   
   
   
   
6. Select the ... option menu for the new certificate and select the "Base64 Certificate" download option
   
   
7. Open the downloaded file in Notepad. You will find the file displays as - 
   
   
   
   
8. Navigate to Setup -> Admin -> Single Sign On, and copy the value currently in place under the Signing Certificate section, and save this separately to the certificate downloaded in step 6, in case you need to roll back the certificate change.
   
   
9. Copy the value for the Certificate downloaded in step 6 including the -----BEGIN CERTIFICATE----- & -----END CERTIFICATE----- portions, and replace the existing certificate under Setup -> Admin -> Single Sign On -> Signing Certificate section. 
   
   
   
10. Navigate back to the Azure Console, and select the ... option menu for the inactive certificate (the certificate created in step 4, and then select the "Make Certificate Active" option. 
    
    
    
    
11. Open an incognito browser session and leave your current CloudHealth session active in the non incognito browser session. Within the incognito browser session navigate to https://apps.cloudhealthtech.com/login and validate that you're able to sign in successfully as this will validate the certificate change. 
    
    
    
12. If you find that you're unable to sign in, in your regular browser session navigate back to Setup -> Admin -> Single Sign On, and copy back in the backup of the original Signing Certificate you captured in step 7.
    
    
13. Within the Azure Console navigate back to Azure Portal -> Entra ID -> Enterprise Application -> Select your SAML application for CloudHealth -> Single Sign On -> SAML Certificate and select Edit. 
    
    Select the ... options menu next to the certificate with expiry date - 2/03/2025 and select the "Make Certificate Active" option to roll back to the original certificate. 

If you need to roll back the certificate contact CloudHealth Support to assist with the certificate renewal.