SAML Certificate Expiration Notice

Dave_Okta · September 11, 2024, 7:32pm

Hey all, Dave from Okta here - I wrote this template a few years back to notify admins of any soon-to-expire SAML certificates in their org. In its current form, it will work for up to 2000 apps, but it’s easily modifiable to process as many as you need.

Attached are the template notes and the flowpack folder. Enjoy!
dcCertificateExpirationNotice.folder (295.7 KB)
Workflows Discovery - Certificate Expiration Notice.pdf.zip (38.2 KB)

Mockup4521 · September 12, 2024, 8:31pm

Hi Dave. Thanks for sharing!
When I try to import the flow I’m getting an error. Attached a screenshot.

‘The Flow contains Accounts not accessible to the requesting client.’

Will this also report on SAML encryption certs?

Dave_Okta · September 13, 2024, 2:42pm

Hmm, not 100% sure, but my flow is built with Okta, Google and O365 Mail connections - maybe you don’t have those in your environment (Gmail or O365)?

maxkatz · September 13, 2024, 8:04pm

Hi @Mockup4521 - Could you share the error screenshot?

Mockup4521 · September 17, 2024, 6:48pm

Thanks Dave & Max. I’m a new user, the forum is still not allowing me to upload a picture.

Would make sense, I don’t have Google or O365 connections. Anyway, I can modify the download to remove that requirement? Also do you happen to know if it supports the SAML encryption cert expiry? That’s what we are after.

Dave_Okta · September 17, 2024, 7:06pm

Yes, that’s what it does. Let me remove those cards and re-upload it to see if that will work for you. Give me a few minutes…

Dave_Okta · September 17, 2024, 7:10pm

Ok, try this one - I removed the Gmail and O365 cards. You’ll just need ot come up with a way to notify someone if a cert is expiring…
dcCertificateExpirationWarningNoEmail.folder (290.6 KB)

Mockup4521 · September 18, 2024, 7:39pm

Imported just fine. Thanks Dave!

Dave_Okta · September 18, 2024, 7:58pm

Great! Let me know if you have any questions.

LFC20-25 · October 23, 2025, 4:25pm

Hi Dave,

Great flow. It’s saved me a lot of work. It handles the SAML certificates from the Okta side, however there is one thing missing from the report. We have some SAML integrations where we use the vendor supplied SAML certificate for encryption which has it’s own expiration date.

If you query an app which has a SAML encryption certificate /api/v1/apps/${appId}

then search for “x5c” you will find the vendor provided certificate. The cert is missing the begin/end. Also the \r\n need characters need to be replaced with line feeds to recreate the certificate.

I wondered if you or anyone in the forum had a workflow that retrieved that too?

Post		Replies	Views
Update SAML App certificate with Terraform API terraform	2	1191	April 10, 2024
Activate a SAML Certificate via Terraform API	5	2323	February 22, 2023
Does SAML 2.0 with okta support Elliptic Curve Cryptography (ECC) Certificates SAML	1	1513	February 16, 2024
Renew SAML assertion certificate SAML saml	1	6225	February 12, 2024
SAML Encryptions SAML	1	2866	February 12, 2024

SAML Certificate Expiration Notice

Related topics