Deprecation: Genesys Cloud SSO certificate expiry

On January 1, 2024, the Genesys Cloud SSO certificate will expire. As a result, if you use the Single Logout feature and your identity provider supports signature verification for single log out requests, you must upload a new certificate to your identity provider

FAQs

Am I affected?

If you use the Single Logout feature and your identity provider supports signature verification for Single Logout requests, then you are affected.

How do I know if my organization uses the Single Logout feature?

Organizations that configured Genesys Cloud to work with single sign-on added their configuration settings via the administration console under Integrations > Single Sign-On. If the Single Logout URI is configured under the relevant identity provider, then Single Logout is being used.

What do I need to do before the Removal Date?

The new certificates (which expire on January 1, 2026) are already available. To fetch the Genesys Cloud SSO certificate, visit https://github.com/MyPureCloud/genesys-cloud-sso-certificates and download the file that corresponds to your organization’s AWS region.

If your identity provider allows you to upload multiple certificates, you can upload the new certificate at any time before January 1st, 2024.

If your identity provider does not allow you to upload multiple certificates, upload the new certificate on or after January 1, 2024. Note, the feature stops working correctly until the updated certificate is uploaded.

Refer to your identity provider’s documentation for instructions to upload the certificate.

How long should it take to update the certificate?

Updating the certificate typically takes less than 30 minutes and can be performed during business hours. Before January 1, 2024, ensure that you review your identity provider’s documentation to confirm the process for uploading the certificate and ensure you have the necessary access to perform the update.

What will happen if the certificate is not updated?

1. If your organization uses the Single Logout Feature as part of their single sign-on setup and the single sign-on identity provider requires a certificate for Single Logout, the Single Logout feature stops working. With Single Logout, users can log out of the identity provider and the service provider (Genesys Cloud) by logging out from either of them. If Single Logout is no longer working, the user must log out of both separately.
2. There is no impact to any other functionality.

Who should I contact if I need help or have additional questions?

Contact My Support.