IdP Signature Certificate get expiration date trough API

I couldn’t find any documentation on how I can get the IdP Signature Certificate expiration date, except by going to the GUI and checking it from there. Ideally, I would want to get this through an API call.

I want to set up an alert for our internal teams on Expiring Signature Certificates, and I’m not sure if it can be done and how.
I’m pretty surprised that no one has asked this, and it’s nowhere to be found in the Okta documentation.

You can get the IdP with Identity Providers | Okta Developer
In the links section it will contain a metadata.xml URL

"_links": {
        "metadata": {
            "href": "https://{domain}",
            "type": "application/xml",
            "hints": {
                "allow": [

This will return among other things an x509 that you can decode and check the validity date.
Note when you call the metadata.xml URL you will need to pass an API Token as well.

1 Like