IdP Signing certificate

Hello - is there a better way to manage the validity of IDP signing certificate from the Okta admin console?

If i provided Okta Idp metadata with a DS signature validity of 4 yrs to a Service provide, how can i restrict or issue a new Idp cert with 2 years validity?

you can’t, IdP certificate is managed by Okta

Thanks! how about the SaaS apps integrated with Okta, once the validity of the cert is reduced to 3 years ? Should i generate a new Metadata and provide it to the SaaS application or once Okta reduces the validity, it automatically reflects to all the Integrated applications?

When you create SAML application in Okta, it provides you with IdP metadata URL where you can always find its certificate used for signing/encryption. So if you want to be aware of any changes in the future, just read this URL and update your SP configuration accordingly. Though a lot of apps/frameworks make it possible to not hard-code IdP cert, but rather read it from URL

Thank You for the insight.