The InVision SAML certificate, which is required for use of Single Sign-On (SSO), is being rotated as part of our routine certificate management processes. Your Identity Provider (IdP) administrator or IT manager will need to verify that your corporate IdP is configured to use the new SAML signed and encryption certificate.
Action required
To ensure uninterrupted SSO access for your team, your IT or Network department will need to contact InVision Support to schedule a time to update your SSO settings. Note that our Support team will need to update a setting on your account in parallel to your certificate update.
To confirm if you need to apply any changes and ensure that your IT or Network department have all the information needed before contacting our Support team, we've included additional context and resources below:
- To verify that your corporate IdP is configured to use the new SAML signed and encryption certificate, your Identity Provider (IdP) administrator or IT manager must use the first certificates listed in your SSO metadata.
- You can access the SSO metadata associated with your Enterprise account here: https://
your-team-subdomain
.invisionapp.com/sso/metadata
- You can access the SSO metadata associated with your Enterprise account here: https://
- Your IT manager or IdP administrator can validate that you’re using the new certificates by importing them and checking for the following:
Valid From: 6/16/2021 11:30:08 AM EDT
Valid Until: 7/16/2023 11:30:08 AM EDT
Serial Number: 0x5CBB053D7DC482479445645551A8A66DC19FA641
- If you’re accessing InVision from the app gallery in your IdP (e.g., Okta or Azure), then no manual certificate update should be required on your end. Your IT manager or IdP administrator would be able to confirm that.
When contacting InVision Support to schedule a time to update your SSO settings, provide a couple of dates and times when you will be available to proceed with the update (please be sure to include your time zone). Once a date and time has been set, our Support team will rotate the SSO certificate at the agreed time and confirm once it’s complete. After that, your IT manager or IdP administrator will need to apply the changes on your end if needed (please see the explanation above) and sign in to InVision using SSO to make sure that it’s working as expected. This process should take no more than 5 minutes of your time.
If you do not complete the certificate rotation steps in advance of the date alerted in your account, you may be temporarily blocked from logging into your account using Single-Sign On (SSO). If this does occur, please contact InVision Support to help resolve the issue.