https://live.paloaltonetworks.com/t5/strata-cloud-manager/scm-gp-user-certificate-renewal-process/m-p/1234272#M34 <DIV class="p-rich_text_section">The below are the steps to renew GP certificate for Prisma Access on Strata Cloud Manager</DIV> <DIV class="p-rich_text_section">&nbsp;</DIV> <DIV class="p-rich_text_section"><EM>*Note in this example we are using Azure as the IDP</EM></DIV> <DIV class="p-rich_text_section">&nbsp;</DIV> <OL class="p-rich_text_list p-rich_text_list__ordered p-rich_text_list--nested" data-stringify-type="ordered-list" data-list-tree="true" data-indent="0" data-border="0"> <LI data-stringify-indent="0" data-stringify-border="0">Make sure to delete the old certificate on the Azure SAML IdP side</LI> <LI data-stringify-indent="0" data-stringify-border="0">Then export the new SAML metadata XML file (which has only the new certificate) from Azure IdP</LI> <LI data-stringify-indent="0" data-stringify-border="0">In Strata Cloud Manager(SCM), navigate to Manage &gt; Configurations &gt; NGFW &amp; Prisma Access &gt; Identity Services &gt; Authentication &gt; Server Profiles &gt; SAML, open the existing SAML profile which you use and click on "Import"&nbsp; under Identity Provider Certificate, to import the new metadata XML file to the SCM console. Now save the SAML profile.</LI> <LI data-stringify-indent="0" data-stringify-border="0">After that, navigate to Objects &gt; Certificate Management to verify and confirm that the Azure SAML IdP certificate is automatically renewed.</LI> <LI data-stringify-indent="0" data-stringify-border="0">Now do an '<STRONG>all-admin</STRONG>' push to the Mobile Users template to ensure the update is propagated to the Prisma Access backend nodes</LI> </OL> <DIV class="p-rich_text_section"><EM>(Note: All-admin push is needed, as it will show the changes done by 'System' since the new SAML certificate is extracted from the recently imported XML file)</EM></DIV> Thu, 17 Jul 2025 21:49:22 GMT nayubi 2025-07-17T21:49:22Z https://live.paloaltonetworks.com/t5/strata-cloud-manager/scm-gp-user-certificate-renewal-process/m-p/1234272#M34 <DIV class="p-rich_text_section">The below are the steps to renew GP certificate for Prisma Access on Strata Cloud Manager</DIV> <DIV class="p-rich_text_section">&nbsp;</DIV> <DIV class="p-rich_text_section"><EM>*Note in this example we are using Azure as the IDP</EM></DIV> <DIV class="p-rich_text_section">&nbsp;</DIV> <OL class="p-rich_text_list p-rich_text_list__ordered p-rich_text_list--nested" data-stringify-type="ordered-list" data-list-tree="true" data-indent="0" data-border="0"> <LI data-stringify-indent="0" data-stringify-border="0">Make sure to delete the old certificate on the Azure SAML IdP side</LI> <LI data-stringify-indent="0" data-stringify-border="0">Then export the new SAML metadata XML file (which has only the new certificate) from Azure IdP</LI> <LI data-stringify-indent="0" data-stringify-border="0">In Strata Cloud Manager(SCM), navigate to Manage &gt; Configurations &gt; NGFW &amp; Prisma Access &gt; Identity Services &gt; Authentication &gt; Server Profiles &gt; SAML, open the existing SAML profile which you use and click on "Import"&nbsp; under Identity Provider Certificate, to import the new metadata XML file to the SCM console. Now save the SAML profile.</LI> <LI data-stringify-indent="0" data-stringify-border="0">After that, navigate to Objects &gt; Certificate Management to verify and confirm that the Azure SAML IdP certificate is automatically renewed.</LI> <LI data-stringify-indent="0" data-stringify-border="0">Now do an '<STRONG>all-admin</STRONG>' push to the Mobile Users template to ensure the update is propagated to the Prisma Access backend nodes</LI> </OL> <DIV class="p-rich_text_section"><EM>(Note: All-admin push is needed, as it will show the changes done by 'System' since the new SAML certificate is extracted from the recently imported XML file)</EM></DIV> Thu, 17 Jul 2025 21:49:22 GMT https://live.paloaltonetworks.com/t5/strata-cloud-manager/scm-gp-user-certificate-renewal-process/m-p/1234272#M34 nayubi 2025-07-17T21:49:22Z