To ensure a seamless login experience and avoid service interruptions, Podbean supports Dual Certificate Rotation. This allows you to upload and activate a new certificate before the existing one expires.


Step 1: Download a New Certificate from Your Identity Provider

Step 2: Navigate to SSO Settings in Podbean

Step 3: Upload the New SAML Signing Certificate

Step 4: Activate the New Certificate

Step 5: Test Single Sign-On

Troubleshooting SAML Signing Certificate Rotation for SSO



Step 1: Download a New Certificate from Your Identity Provider


Log in to your Identity Provider (such as Okta, Azure AD, or others) and download the new SAML signing certificate according to your IdP’s instructions.


Step 2: Navigate to SSO Settings in Podbean

  1. Log in to your Podbean account.
  2. Go to the Company Dashboard.
  3. Navigate to Settings > SSO Login.


Step 3: Upload the New SAML Signing Certificate

  1. On the SSO Login page, find the SAML Signing Certificates and click Manage.
  2. In the pop-up window, click the Upload button in the top-left corner.
  3. Select the certificate file from your device to upload it.


Note: Podbean supports a maximum of 5 certificates at a time. If you have already reached this limit, you may delete an unused or expired certificate before uploading a new one.



Step 4: Activate the New Certificate


Newly uploaded certificates are Inactive by default. To put the certificate into use:

  1. Locate the new certificate in the list.
  2. Click the three-dot icon (···) on the right side of the row.
  3. Select Activate from the dropdown menu.


Step 5: Test Single Sign-On

After activating the new certificate, testing SSO login can help ensure everything is working as expected. A successful login indicates the new certificate is being accepted correctly.



Troubleshooting SAML Signing Certificate Rotation for SSO

  1. Unable to upload a new certificate  
    Confirm that the certificate file format is supported (.cer, .crt, .pem) and that the certificate limit (up to 5 certificates) has not been reached.

  2. Users are unable to sign in after activating the new certificate in Podbean
    Check your Identity Provider settings to see whether the new signing certificate has been activated. Some IdPs continue using the previous certificate until this step is completed.

  3. The old certificate is still listed after the new certificate is activated  
    This is expected during the transition period. Keeping the previous certificate helps avoid login disruptions while your Identity Provider completes the switch. Once the new certificate is fully in use, the old certificate may be deleted from your Podbean account if no longer needed.

  4. Multiple certificates appear as active in Podbean
    This is expected during certificate rotation and helps maintain uninterrupted access.