https://live.paloaltonetworks.com/t5/general-topics/saml-idp-certificate/m-p/389958#M90670 <P>The certificate you select in the auth profile identifies the local firewall to the IDP (Azure) so you need to select a certificate you have the private key for. If you look at your certs, you need one where you have the private key, and if you dont, generate a test cert. You should then be able to select that certificate to sign the request that the firewall sends to Azure. I cant remember if you need to also upload the public cert to Azure.</P> Tue, 09 Mar 2021 10:49:49 GMT Will_Embrey 2021-03-09T10:49:49Z https://live.paloaltonetworks.com/t5/general-topics/saml-idp-certificate/m-p/389936#M90666 <P>Hi Team,</P><P>&nbsp;</P><P>We need to integrate Saml With Global Protect .We have done the saml configuration in azure perfectly fine.We have exported the metadata file from azure and inported in PA NGFW successfully.We need to achieve through IDP certifcate but the issue is we are unable to add the IDP certificate in authentication profile in certificate for signing request.</P><P>The IDP certificate is also imported when we import the metadata file.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 09 Mar 2021 07:56:54 GMT https://live.paloaltonetworks.com/t5/general-topics/saml-idp-certificate/m-p/389936#M90666 GideonKonga 2021-03-09T07:56:54Z https://live.paloaltonetworks.com/t5/general-topics/saml-idp-certificate/m-p/389958#M90670 <P>The certificate you select in the auth profile identifies the local firewall to the IDP (Azure) so you need to select a certificate you have the private key for. If you look at your certs, you need one where you have the private key, and if you dont, generate a test cert. You should then be able to select that certificate to sign the request that the firewall sends to Azure. I cant remember if you need to also upload the public cert to Azure.</P> Tue, 09 Mar 2021 10:49:49 GMT https://live.paloaltonetworks.com/t5/general-topics/saml-idp-certificate/m-p/389958#M90670 Will_Embrey 2021-03-09T10:49:49Z