ERP SSO broken after IdP certificate rollover

Minimal guidance for messy support realities.

Scenario

Users can still reach the application itself, but SSO logins fail from the moment the identity provider rotates its signing certificate: assertions now carry a signature the ERP cannot validate against the IdP certificate it has on file.

Recommended Resolution Path

  1. Compare the IdP signing certificate the ERP has loaded (thumbprint and validity dates in its stored IdP metadata) against the certificate the IdP currently publishes; a mismatch accounts for an immediate signature validation failure.
  2. Check whether the ERP can trust the old and the new certificate at the same time, since many IdPs publish both during a rollover window and may sign with either; if the ERP accepts only one, the switch has to be scheduled rather than hot-swapped.
  3. Collect a SAML trace (browser extension or HAR capture) or the vendor's authentication log so the exact validation failure is on record, for example signature verification against an unknown certificate versus an expired one.
  4. Document who owns certificate rollover and how application teams are notified, so the next cycle is scheduled instead of discovered.
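A way to work steps 1 to 3 against artefacts you actually have on hand (the fingerprints the ERP trusts, the IdP's current metadata, a captured SAML response), added here as an example; it is not code from this page or from any ERP or IdP vendor. It uses only the Python standard library. The metadata, the response fragment and the certificate blobs are constructed placeholders, the function names are assumed, and the fingerprint is SHA-256 over the DER bytes, which is what most admin consoles display (some show SHA-1; change the hash if so).

```python
# Added example: compare the IdP signing certificate(s) an ERP trusts against
# the IdP's current metadata, and check which certificate signed a captured
# SAML response. Names, sample metadata and the certificate blobs are
# constructed for illustration; they are not the ERP's or any IdP's real data.
import base64
import hashlib
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder blobs standing in for DER certificate bytes. Real
# metadata carries the base64 DER certificate here; the fingerprint logic is
# the same either way.
OLD_B64 = base64.b64encode(b"constructed: previous IdP signing certificate").decode()
NEW_B64 = base64.b64encode(b"constructed: new IdP signing certificate").decode()
ENC_B64 = base64.b64encode(b"constructed: IdP encryption-only certificate").decode()

# Constructed IdP metadata mid-rollover: old cert still listed for signing,
# new cert with no "use" attribute (valid for signing and encryption), plus
# an encryption-only key that must never be used to validate signatures.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{OLD_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{NEW_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{ENC_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed fragment of a captured SAML response whose Signature embeds the
# signer's certificate. Not every IdP includes KeyInfo; when it is absent,
# compare the ERP's trust set against the metadata instead.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0">
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{NEW_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
</samlp:Response>"""


def fingerprint(b64_cert: str) -> str:
    """SHA-256 fingerprint of the DER bytes, the form most admin UIs display."""
    der = base64.b64decode("".join(b64_cert.split()))
    return hashlib.sha256(der).hexdigest()


def idp_signing_fingerprints(metadata_xml: str) -> List[str]:
    """Fingerprints of every certificate the IdP may sign with, in metadata order."""
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # No "use" attribute means the key serves both signing and encryption.
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            found.append(fingerprint(cert.text or ""))
    return found


def check_rollover(erp_trusted: List[str], metadata_xml: str) -> Dict[str, object]:
    """Classify the ERP's trust set against the IdP's current signing certs."""
    idp = idp_signing_fingerprints(metadata_xml)
    trusted = set(erp_trusted)
    missing = [fp for fp in idp if fp not in trusted]    # IdP may sign, ERP rejects
    stale = [fp for fp in erp_trusted if fp not in idp]  # ERP trusts, IdP dropped
    if not missing:
        status = "ok"
    elif trusted & set(idp):
        status = "missing_new_cert"   # typical mid-rollover breakage
    else:
        status = "no_overlap"         # every assertion will fail validation
    return {"status": status, "missing": missing, "stale": stale}


def signer_fingerprint(response_xml: str) -> Optional[str]:
    """Fingerprint of the cert embedded in a captured response's Signature, if any."""
    root = ET.fromstring(response_xml)
    cert = root.find(".//ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return fingerprint(cert.text) if cert is not None and cert.text else None


if __name__ == "__main__":
    erp_trusts = [fingerprint(OLD_B64)]   # what the ERP still has on file
    print(check_rollover(erp_trusts, SAMPLE_METADATA))
    print("signer trusted by ERP:", signer_fingerprint(SAMPLE_RESPONSE) in erp_trusts)
```

Run it as-is and the report comes back "missing_new_cert" with the new certificate listed as missing, and the captured response turns out to be signed by exactly that certificate, which is the fingerprint of the scenario above. Swap the ERP's list for the thumbprints you read out of its SSO configuration and the IdP's published metadata for the sample, and the same three calls tell you whether it is a stale trust entry, a one-certificate-only limitation, or a key that was never meant for signing.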

Technician Notes

Document what changed (which certificate, when, and who rotated it), what confirmed the fix (a successful SSO login whose signature validated against the new certificate), and whether the issue points to a broader standards gap worth raising with the client, such as no owner or no notification process for IdP certificate rollover.