Renew SAML assertion certificate

How to auto renew certificate when SAML assertion certificate is updated by the Identity provider ?
We have a SSO setup between our app and customer FS via Okta. There is a SAML idp setup between Okta and customer’s ADFS. This setup will break whenever the signing certificates are updated. What is the best way to update the certificates on Okta ?

Thanks!