(Updated 8/18/2025)
ArcGIS Online Organization administrators that have enabled Signed and/or Encrypted Assertions in alignment with ArcGIS Online Best Practices for SAML Security need to obtain the new ArcGIS Online Service Provider metadata file + certificate and associate it with their SAML Identity Provider (eg. Azure Active Directory Enterprise Applications with Token Encryption) before September 19, 2025otherwise ArcGIS Online sign-ins with Enterprise (SAML) accounts will fail.
Follow the instructions in this blog article: Action Required: ArcGIS Online SAML Customers
If you encounter an issue while updating the certificate and require additional help with troubleshooting, please reach out to Esri Technical Support.
(updated 8/30/2024)
Attention to ArcGIS Online Administrators
ArcGIS Online Organization administrators that have enabled Signed and/or Encrypted Assertions in alignment with ArcGIS Online Best Practices for SAML Security need to obtain the new ArcGIS Online Service Provider metadata file + certificate and associate it with their SAML Identity Provider.
ArcGIS Online new certificate is available now. Please refer to this blog for step-by-step instructions: https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/action-required-arcgis-online-...
The current certificate is set to expire on September 24, 2024. This action to replace the certificate requires collaboration between the ArcGIS Online administrator and the SAML Identity Provider's IT administrator. If you are not the correct contact for this matter, please forward this email to your relevant IT personnel.
We strongly recommend taking immediate actions to prevent any disruption in using SAML (SSO) for accessing your ArcGIS Online organization.
If you are not enabling Signed SAML Assertions within your ArcGIS Online organizations which will utilize certificates, then you don't have certificate; therefore certificate rotation is not required . However, moving forward, to align with industry standard best practices, we recommend you to use certificates.
Additionally, we recommend the following best practices for ArcGIS Online Administrators:
- Have both SSO Admin account AND Built -in Admin account. This way, if you experience issues logging in with SSO, you can still access your account through www.arcgis.com using the built-in credentials.
- Make sure the ArcGIS Online Administrative contacts are up to date in your ArcGIS Online (Settings > General) to continue receiving communications from Esri Customer Service. You can add multiple contacts.
If you encounter an issue while updating the certificate and require additional help with troubleshooting, please reach out to Esri Technical Support.
