F.5 - How to renew the SSO certificate

Your Identity Provider's SSO signing certificate expires periodically (typically every 1–3 years). When it expires, users will no longer be able to log in to Timly via SSO. This guide walks you through renewing it in your IdP and refreshing it in Timly without downtime.

 

💡 Key Information

When the certificate is approaching expiry:
- Primary account administrators automatically receive email notifications 30 days, 7 days, and 1 day before the certificate expires.
- The current expiry date is shown directly on the SSO configuration page under Certificate expiry, so you can check it at any time.
 - A warning banner is displayed next to the SSO configuration as soon as the certificate is close to expiring or has already expired.

 

🚨 Important Information
 - The certificate must be renewed before its expiry date, otherwise users will no longer be able to log in via SSO until the renewal is completed.
- Renew the certificate in your Identity Provider first, and only then refresh it in Timly. The order matters.  

 

🛜 Microsoft Entra ID (Azure)

- If you are using a different Identity Provider (Okta, Google Workspace, etc.), the equivalent action is to generate or rotate the SSO signing certificate inside that IdP, then continue with the Timly steps below.


 

Steps
 

 

  • Sign in to the Microsoft Azure portal and navigate to Enterprise applications
  •  Search for and open the enterprise application you use for Timly SSO
  •  In the left-hand menu, select "Single sign-on"
  •  Scroll down to the SSO Certificates section and click "Edit"
  • Choose one of the two available options:
    - "New Certificate": generates a fresh certificate directly in Azure (recommended option for most cases)
    - "Import Certificate": upload a certificate you have generated externally
  • Click "Save" to persist the new certificate
  • Find the newly created certificate in the list and click the three-dot menu next to it, then select "Make certificate active"
  • Confirm the change
  • The status of the new certificate should now be shown as "Active"

 

🛜 Timly-App

 

 

Steps

 

  • Log in to Timly as an administrator and navigate to "Settings" → "Single Sign-On (SSO)"
  • Click "Edit" beneath the SSO configuration you have just updated in Azure
  • Scroll down to the SSO signing certificate section. You will see a button called "Fetch and save"
  • Click "Fetch and save"
     

Timly will:
 - Re-fetch the SSO metadata directly from your Identity Provider
 - Replace the old certificate with the new one
- Update the Certificate expiry date shown on the page
 

  • Confirm that the new Certificate expiry date matches the validity of the certificate you just created in Azure. The expiry warning banner should now disappear.
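An added example (not Timly's or Microsoft's code): because the IdP must be updated before Timly re-fetches the metadata, this Python script checks whether a SAML metadata document already publishes the renewed signing certificate by comparing SHA-1 thumbprints. The function names, the sample metadata and the placeholder certificate bytes are constructed for illustration; it assumes you have the IdP metadata XML and the thumbprints of the old and new certificate at hand.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def thumbprint(der):
    """SHA-1 thumbprint as upper-case hex (an identifier, not a security control)."""
    return hashlib.sha1(der).hexdigest().upper()

def signing_thumbprints(metadata_xml):
    """Thumbprints of every certificate the IdP metadata publishes for signing."""
    prints = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a "use" attribute is valid for signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((node.text or "").split()))
            prints.add(thumbprint(der))
    return prints

def rotation_status(metadata_xml, old_print, new_print):
    """Say whether the metadata already carries the renewed certificate."""
    clean = lambda s: s.replace(":", "").replace(" ", "").upper()
    seen = signing_thumbprints(metadata_xml)
    has_old, has_new = clean(old_print) in seen, clean(new_print) in seen
    if has_new:
        return "both-published" if has_old else "rotated"
    return "not-rotated" if has_old else "unknown-certificate"

def sample_metadata(keys):
    """Constructed metadata; each (use, blob) pair stands in for a DER certificate."""
    body = "".join(
        f'<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        f'{base64.b64encode(blob).decode()}</ds:X509Certificate></ds:X509Data>'
        f'</ds:KeyInfo></KeyDescriptor>' for use, blob in keys)
    return ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example/">'
            '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'{body}</IDPSSODescriptor></EntityDescriptor>')

if __name__ == "__main__":
    OLD, NEW = b"constructed-old-cert", b"constructed-new-cert"  # placeholders, not real DER
    xml = sample_metadata([("signing", OLD), ("encryption", NEW)])
    print(rotation_status(xml, thumbprint(OLD), thumbprint(NEW)))
```

A result of "not-rotated" means the IdP still publishes only the old signing certificate, so the new certificate has not been made active yet.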


 


📚 More Resources


📩 Interested in learning more about our SSO feature? Schedule a free and non-binding demo with one of our experts. For questions, feel free to contact us at [email protected].
