EBS: Understanding the Use of the Single Sign-on (SSO) Certificate in Azure AD

Question

What is the single sign-on certificate used for in Azure AD, and where should it be uploaded?

Answer

The single sign-on (SSO) certificate in Azure AD is primarily used for SAML request signature verification. In the context of Azure AD and Everbridge integration, there are a few key points to understand:

  1. SAML Certificate (Token Signing Certificate): This is the primary certificate used for signing SAML tokens. Its thumbprint may differ from those of other certificates.
  2. Verification Certificate (Optional): According to Microsoft documentation, this certificate is used to verify the signatures of SAML requests. It is optional unless your configuration requires it, but it is recommended as an extra layer of security.
  3. Everbridge Certificate: If your Azure AD configuration requires a verification certificate, you need to upload the Everbridge certificate. This can be either a CA-signed or a self-signed certificate provided by Everbridge.

Steps to Upload the Everbridge Certificate in Azure AD

  1. Navigate to Azure AD Enterprise Applications: Go to the Azure portal and select 'Enterprise applications'.
  2. Select Your Application: Choose the application configured for SSO with Everbridge.
  3. Upload the Certificate: In the 'SAML Certificates' section, find the 'Verification certificates (optional)' field. Upload the Everbridge certificate here if your configuration requires it.
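
A pre-upload check for step 3, as an added example that is not part of the original article or of Everbridge's or Microsoft's tooling: it computes the thumbprint of the certificate file (PEM or DER) and compares it with a fingerprint obtained from Everbridge through a separate channel. The function names and the sample bytes are constructed for illustration, and the sketch assumes the thumbprint is the SHA-1 (or SHA-256) digest of the certificate's DER encoding.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

# Constructed sample input: placeholder bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82" + b"constructed placeholder, not a real certificate"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER).replace(b"\n", b"\r\n")
              + b"-----END CERTIFICATE-----\r\n")


def cert_der_blobs(data: bytes) -> list:
    """Return the DER bytes of every certificate in a PEM or DER file."""
    blocks = PEM_RE.findall(data)
    if blocks:
        # Drop line breaks (LF or CRLF), then reject any non-base64 byte.
        return [base64.b64decode(b"".join(b.split()), validate=True)
                for b in blocks]
    if data[:1] == b"\x30":  # DER starts with an ASN.1 SEQUENCE tag
        return [data]
    raise ValueError("input is neither PEM nor DER")


def thumbprint(der: bytes, algo: str = "sha1") -> str:
    """Upper-case hex digest of the DER encoding."""
    return hashlib.new(algo, der).hexdigest().upper()


def matches_expected(data: bytes, expected: str) -> bool:
    """Compare a file's thumbprint with one received out of band."""
    blobs = cert_der_blobs(data)
    if len(blobs) != 1:
        raise ValueError("expected exactly one certificate, got %d" % len(blobs))
    want = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()  # drop ':' and spaces
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    if algo is None:
        raise ValueError("expected value is not a SHA-1 or SHA-256 fingerprint")
    return hmac.compare_digest(thumbprint(blobs[0], algo), want)


if __name__ == "__main__":
    print("SHA-1 thumbprint:", thumbprint(cert_der_blobs(SAMPLE_PEM)[0]))
```

A file that contains more than one certificate is rejected rather than guessed at, so a bundle is never mistaken for the single verification certificate.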

For more detailed instructions, refer to the Microsoft Entra integration with Everbridge tutorial.

 
