IdP certificate cmdlets

The IdP certificate cmdlets allow you to view the certificates available for IdP communication between the Platform and the customer's IdP for directory search, and to select which certificate is used.

The Platform manages the certificates to be used for directory search. When a tenant is initially provisioned, a single certificate is created. By default, this certificate is valid for a year. As it approaches expiry, a new certificate will automatically be created; however, it will not automatically be used by the Platform. The IdP certificate cmdlets can be used to view the list of certificates, see which certificate has been selected, and select which certificate is used.

Get-1EIdPCertificate [-CertThumbprint <Thumbprint>] [-AsPEM] [-File <File>]

This cmdlet can be used to list the available certificates, get the certificate details, and download the public key.

Listing the available certificates

To list all the available certificates that can be used, the cmdlet can be run with no arguments. All available certificates will be returned, and the response will include the thumbprints, activation date, expiry date, and the active state.

Getting information for a specific certificate

When the -CertThumbprint argument is included, only the details for the specific certificate are returned. The information will include activation date, expiry date, and active state.

Downloading the certificate

To download the PEM-formatted certificate, specify the -AsPEM option together with -CertThumbprint. This option allows the download of the public key. By default, the PEM-formatted certificate is output to the console; include the -File parameter to save the certificate to a file instead.

Set-1EIdPCertificate -CertThumbprint <Thumbprint>

This cmdlet selects which certificate is considered active. The active certificate is used for directory search. -CertThumbprint is a required parameter, and it must specify an existing certificate. Existing certificates can be listed with the Get-1EIdPCertificate cmdlet.
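
Because a newly created certificate is not used until it is selected, rotation is a manual sequence across both cmdlets. The script below is an added example, not code from the product documentation; it uses only the parameters described above and checks the downloaded PEM before switching. Assumptions: the session is already authenticated to the Platform, the reported thumbprint is the standard SHA-1 X.509 thumbprint, the customer's IdP must trust the new public certificate before it is selected, and the script parameter names and output path are hypothetical.

```powershell
# Added example: rotate the directory-search certificate with a verification step.
param(
    # Thumbprint of the new certificate, copied from the Get-1EIdPCertificate listing.
    [Parameter(Mandatory)] [string] $NewThumbprint,
    # Hypothetical location for the downloaded public certificate.
    [string] $PemPath = (Join-Path $PWD 'idp-directory-search.pem')
)
$ErrorActionPreference = 'Stop'

# 1. List every available certificate so the operator can see which one is active.
Get-1EIdPCertificate

# 2. Show activation date, expiry date and active state for the candidate only.
Get-1EIdPCertificate -CertThumbprint $NewThumbprint

# 3. Save the PEM-formatted public certificate to a file instead of the console.
Get-1EIdPCertificate -CertThumbprint $NewThumbprint -AsPEM -File $PemPath

# 4. Parse the saved file independently and confirm it is the certificate we asked for.
#    Assumption: the Platform reports the standard SHA-1 thumbprint that .NET computes.
$cert     = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PemPath)
$expected = ($NewThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Downloaded certificate thumbprint $($cert.Thumbprint) does not match $expected."
}

# 5. Refuse to continue with a certificate that is not yet valid or already expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is only valid from $($cert.NotBefore) to $($cert.NotAfter)."
}
Write-Host "Verified $PemPath (expires $($cert.NotAfter))."

# 6. Pause until the public certificate has been registered with the customer's IdP.
#    Assumption: selecting a certificate the IdP does not trust would break directory search.
$answer = Read-Host "Type 'yes' once $PemPath has been registered with the IdP"
if ($answer -ne 'yes') {
    Write-Warning 'Active certificate left unchanged.'
    return
}

# 7. Select the new certificate, then read it back to confirm the active state changed.
Set-1EIdPCertificate -CertThumbprint $NewThumbprint
Get-1EIdPCertificate -CertThumbprint $NewThumbprint
```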