Certificate expiry notifications
MobileIron Access periodically verifies the validity of the metadata for a service provider (SP) and identity provider (IdP) federated pair. A scheduled job runs every 24 hours to check the federated pairs' metadata files. Any issues found during the scheduled job are displayed as notifications in the administration portal in Profile > Federated Pair.
The verification includes checking the expiration date of the certificate embedded in the metadata. MobileIron Access sends email notifications to Access administrators on the 30th, 15th, and 7th day before the certificate expires. Starting on the 7th day before the certificate is set to expire, an email notification is sent every day until the expiration date. Once the certificate expires, an email is sent to confirm that the certificate has expired.
IMPORTANT: Update the certificate before expiry to ensure that the most current certificates are available in Access. If the certificate in Access does not match the certificate in the SP or IdP, authentication will fail for device users accessing the federated cloud service through MobileIron Access. Authentication will continue to work as expected if the certificate in Access and in the SP or IdP are the same, irrespective of whether the certificates are expired or not.
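The IMPORTANT note above makes certificate match, not expiry, the condition for authentication to work. The following added example (not MobileIron code) compares the certificates embedded in two SAML metadata documents by fingerprint and classifies a certificate against the email schedule described above. The function names, the sample metadata and its placeholder certificate bytes are constructed for illustration, and the caller supplies the number of days left, obtained from the certificate's end date by other means.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

def cert_fingerprints(metadata_xml):
    """SHA-256 fingerprints of every certificate embedded in SAML metadata."""
    # For metadata from untrusted sources, parse with defusedxml instead.
    root = ET.fromstring(metadata_xml)
    prints = set()
    for node in root.iter(DS_CERT):
        # Metadata often line-wraps the base64 body; strip all whitespace.
        der = base64.b64decode("".join((node.text or "").split()))
        prints.add(hashlib.sha256(der).hexdigest())
    return prints

def certs_in_sync(access_copy_xml, live_xml):
    """True when the metadata held by Access carries the same certificates
    as the metadata currently published by the SP or IdP."""
    held = cert_fingerprints(access_copy_xml)
    # Two documents with no certificate at all must not count as a match.
    return bool(held) and held == cert_fingerprints(live_xml)

def notice_for(days_left):
    """Classify a certificate by the schedule above (day-0 handling assumed)."""
    if days_left < 0:
        return "expired"
    if days_left in (30, 15) or days_left <= 7:
        return "warning"
    return None

def sample_metadata(cert_bytes):
    """Constructed IdP metadata; cert_bytes is placeholder data, not a real cert."""
    b64 = base64.b64encode(cert_bytes).decode()
    return (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
        'entityID="https://idp.example.test/metadata">'
        '<md:IDPSSODescriptor><md:KeyDescriptor use="signing">'
        '<ds:KeyInfo><ds:X509Data>'
        f'<ds:X509Certificate>\n{b64[:16]}\n{b64[16:]}\n</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '</md:IDPSSODescriptor></md:EntityDescriptor>'
    )

if __name__ == "__main__":
    in_access = sample_metadata(b"constructed-cert-old-0001")
    rotated = sample_metadata(b"constructed-cert-new-0002")
    print("after IdP rotation, in sync:", certs_in_sync(in_access, rotated))
    print([(d, notice_for(d)) for d in (31, 30, 15, 8, 7, 1, -1)])
```

A `False` result from `certs_in_sync` after the SP or IdP rotates its certificate is the mismatch condition that breaks authentication until the metadata in Access is updated.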
In addition to email notifications, the following notifications are also provided in the MobileIron Access user interface:
- Notification in Profile > Federation
- Notification when you edit a federated pair or delegated IdP
- Notifications after a certificate expires
Notification in Profile > Federation
A notification displays in Profile > Federation. The notification includes the number of days remaining before the certificate expires. The row for the delegated IdP or federated pair with certificates that have warnings expands by default.
Figure 1. Certificate expiration notification
Notifications after a certificate expires
The following figure shows the notifications after the certificate expires for the delegated IdP or federated pair.
Figure 2. Notification after certificate expires
Notification when you edit a federated pair or delegated IdP
A notification displays when you edit the federated pair or delegated IdP. The notification includes the number of days remaining before the certificate expires. The following figures show notifications 30 days and one day prior to certificate expiration.
Figure 3. 30 days before certificate expires
Figure 4. One day before certificate expires