How To: Generate New Certificate

This article will include instructions for the following identity provider: Microsoft Azure, Okta, OneLogin, PingOne and Google Cloud Identity

If your Identity Provider is not listed above, we recommend generating your identity provider’s signing certificate with the following selections:

• Signing option: Make sure your signing option location is in ‘Assertion’ only.
• Signing algorithm: Use the SHA2-Family of algorithms, such as SHA256, for signing the SAML assertion.

Microsoft Azure

1. Open the integration application page for the Autodesk/Adsk SSO gallery app that you created.

2. Go to Azure section 3 - SAML Certificates and click Edit.

   

3. In the Signing Option, select Sign SAML assertion and in the Signing Algorithm, select SHA 256. Click + New Certificate to create new certificate.

   

4. Save to save the values and X to close the pop-u p window.

   

5. Go to back to Azure section 3 - SAML Certificates and click Edit.

6. Click Make certificate active and download Base64 certificate download.

   

7. Once the file is successfully downloaded, switch to Autodesk Account Step 1 – Add Identity Provider and metadata, and upload the new certificate in Identity Provider certificate.

Okta

1. Open the integration application page for the Autodesk/Adsk SSO gallery app that you created.

2. Select the Sign On tab and scroll down to section SAML Signing Certificates. Click on Generate new certificate.

   

3. In the new generated certificate, click Actions > Activate > Activate certificate.

4. Click Actions again and click Download certificate.

   

5. Once the file is successfully downloaded, switch to Autodesk Account Step 1 – Add Identity Provider and metadata, and upload the new certificate in Identity Provider certificate.

OneLogin

1. In the navigation pane, click Administration.

   

2. From the Security menu, open Certificates.

   

3. Click New and enter a name for the certificate.

   

4. Under Signature select SHA256 and click Save.

   

5. Under SHA fingerprint select SHA256 and click Save.

   

6. From the Applications menu, open Applications and select the Autodesk application created.

   

7. Click SSO. Under X.509 Certificate, click Change to change the certificate to the newly created certificate and click Continue once you have done so.

   

   

8. Ensure the SAML Signature Algorithm is SHA-256 and Save > View details. Click Download to download the certificate.

   

   

9. Once the file is successfully downloaded, switch to Autodesk Account Step 1 – Add Identity Provider and metadata, and upload the new certificate in Identity Provider certificate.

PingOne

1. Click Administrators to begin.

   

2. In the navigation, click Connections > Certificates & Key Pairs > + Add > Create Key Pair.

   

3. Under Common Name and Organization, enter a name for the certificate and your organization respectively. Under Usage type, select Signing – Verification.

   For the Certificate Settings, ensure the Key Algorithm is set to RSA, Key Size Bits in 2048 and the Signature Algorithm is SHA256withRSA.

   Click Save & Finish.

   

4. In the navigation, click Connections > Applications and select the Autodesk/Adsk SSO gallery app that you created. Click the Configuration tab > Edit.

   

5. Change the signing key to the new certificate added. Ensure the Sign Assertion is selected and Signing Algorithm set to RSA_SHA256. Click Save.

   

6. Under Connection Details, click Download Signing Certificate > X509 PEM (.crt) to download the certificate.

   

7. Once the file is successfully downloaded, switch to Autodesk Account Step 1 – Add Identity Provider and metadata, and upload the new certificate in Identity Provider certificate.

Google Cloud Identity

1. Expand the Security tab on the left-hand side menu and select Authentication > SSO with SAML applications. Under Certificates, click Add Certificate.

   

2. Download the new certificate that will be used for uploading Autodesk in the final step.

   

3. Go back to the left-hand side menu, select Apps > Web and mobile apps. Select the Autodesk/Adsk SSO gallery app that you created.

   

4. Click Service provider details.

   

5. Under Certificate, select the new certificate created. Click Save.

   

6. Switch to Autodesk Account Step 1 – Add Identity Provider and metadata, and upload the new certificate in Identity Provider certificate.