All articles

Updating IdP SAML Signing Certificate

Table 5. Availability - Legacy plans

Free

Professional

Business

Enterprise

Availability: Legacy Enterprise.; Unavailability: Legacy Free, Legacy Professional, Legacy Business.;

Table 6. Availability

Free

Team

Business

Enterprise

Pinnacle

Availability: Enterprise, Pinnacle. ; Unavailability: Free, Team, Business;

Overview

Account owners and admins with the Configure advanced security settings permission can update the SAML metadata and IdP SAML SSO signing certificate in Wrike.

Preliminary Arrangements

Before updating the SAML metadata and signing certificate (obtained from your Identity Provider or IdP) in Wrike, please:

  • Save the current SAML metadata on file (containing the old certificate) by downloading it from your IdP, if possible. This allows for a rollback in case of any errors after the switchover to the new IdP metadata.

  • Ensure that your account has at least one admin with the permission to configure advanced security settings who is logged in to Wrike at the time of the certificate update and user login testing. This admin can revert the changes post-update, if needed (see step 5). If you are the only admin with this permission, refrain from performing the login tests yourself (see step 4); instead, request some of your account users to do it.

Steps to Update the SAML SSO Certificate in Wrike

  1. Download the New Metadata from Your Identity Provider (IdP):

    • Ensure you have the new metadata from your IdP, either downloaded as an XML file or available as a URL. This metadata should contain the new (updated) signing certificate.

  2. Access Wrike Security Settings:

    • Log into your Wrike account as the owner or an admin with permission to configure advanced security settings.

    • Click your profile image in the sidebar on the left and select Settings from the dropdown menu.

    • Click Security in the left panel under Account management.

  3. Update SAML SSO Settings:

    • On the Security page, scroll down to the SAML SSO section and click Change settings. The SAML SSO configuration wizard will open.

    • In the configuration wizard, select your IdP from the dropdown.

    • Click Proceed and upload the new metadata file by adding the entire XML file content to the corresponding field.

    • Double-check the parameters and proceed to enable and save the SAML SSO settings with the new metadata. You will receive a security confirmation code via email to confirm and save the new settings.

  4. Testing:

    • After updating the certificate, test the SAML SSO login to your Wrike account to ensure everything is working correctly.

    • Check both logging in via the Wrike login page and directly from your Identity Provider (if it supports IdP-initiated login to Wrike).

  5. Rollback Plan:

    • In case of any issues, you can temporarily disable SAML SSO from within your Wrike account.

    • To do this, go to Security under Account management in your Settings and scroll down to SAML SSO. This allows you to log in with your email and password until the issue is resolved.

    • If you have saved the previous metadata from your IdP and the certificate in it is still valid, you can re-upload the old metadata and enable SAML SSO with it temporarily before generating the new metadata and attempting another switchover.

What’s next?

Top

Related articles