When elvex is configured to sign its SAML authentication requests, your Identity Provider (IdP) needs a copy of elvex's signing certificate to verify those requests are legitimate. Without it, your IdP will reject the login attempt and users may see an authentication error when logging on.
You might need to complete this guide when:
Users are seeing authentication errors after you enabled Sign Request in your elvex SAML settings
Your IdP administrator has asked you to provide a service provider (SP) signing certificate
You're setting up a new SAML connection with an IdP that enforces signed requests by default (such as Keycloak, Okta, Azure AD, or ADFS)
This guide will show you how to obtain the certificate from the elvex team and import it into your IdP so that signed login requests are accepted.
Before you begin
Your SAML connection must already be configured — see Configuring enterprise single sign-on (SSO) or SAML
Sign Request must be toggled on in your elvex SAML settings
You'll need access to your IdP's admin console to import the certificate
Step 1: Request the elvex signing certificate
The elvex signing certificate is managed by our team. To get a copy, contact [email protected] and let us know you need the SP signing certificate for your SAML connection. We'll send it to you promptly.
Please include your company name and IdP type (e.g. Keycloak, Okta, Azure AD) in your message so we can assist you as quickly as possible.
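Because the certificate arrives by email, it is worth checking the file before uploading it in Step 2. The Python sketch below is an added example, not elvex's or any IdP's own tooling: it rejects a file that contains a private key or anything other than exactly one certificate, and returns the SHA-256 fingerprint so you can compare it with a value confirmed through a separate channel. The function names, the reference-fingerprint step and the constructed sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def inspect_pem(text):
    """Return the SHA-256 fingerprint of the single certificate in `text`.

    Raises ValueError if the file holds a private key, no certificate,
    or more than one certificate.
    """
    blocks = PEM_BLOCK.findall(text.replace("\r\n", "\n"))
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file contains a private key; do not upload it")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected 1 certificate, found {len(certs)}")
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    # Colon-separated, the layout `openssl x509 -fingerprint -sha256` prints.
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _normalise(fingerprint):
    """Strip separators and case so differently formatted values compare."""
    return re.sub(r"[^0-9A-Fa-f]", "", fingerprint).upper()


def matches_reference(text, reference):
    """Compare against a fingerprint confirmed over a separate channel."""
    return _normalise(inspect_pem(text)) == _normalise(reference)


# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed sample bytes standing in for a DER certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(inspect_pem(SAMPLE_PEM))
```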
Step 2: Import the certificate into your IdP
Once you've received the .pem certificate file from the elvex support team, import it into your IdP. Find your IdP below.
Keycloak
In the Keycloak admin console, navigate to your realm → Clients → select the elvex client
Go to the Keys tab
Under Client Signature, toggle Use signing certificate on
Click Import Certificate and upload the .pem file provided by elvex support
Save your changes
Re-enable Signed Assertions if you had previously disabled it as a workaround
Okta
In the Okta admin console, navigate to Applications → select the elvex app
Go to the Sign On tab → SAML Settings → Edit
Under Advanced Settings, find the Signature Certificate field
Upload the .pem file provided by elvex support
Save your changes
Azure AD
In the Azure portal, navigate to Enterprise Applications → select the elvex app
Go to Single sign-on → SAML Certificates
Under Verification certificates, click Upload certificate
Upload the .pem file provided by elvex support
Save your changes
Using a different IdP? Search your IdP's documentation for "import SP signing certificate" or "client signature certificate" to find the equivalent setting.
Step 3: Test the SSO login
Once the certificate has been imported, verify that authentication is working correctly:
Open a private or incognito browser window to ensure you're starting a fresh session
Navigate to app.elvex.ai
Click Sign in with SSO and enter your company email address
You should be redirected to your IdP login page — after authenticating, you'll be returned to elvex
If you still see an authentication error after importing the certificate, contact [email protected] with a description of the error and your IdP type.
Still having issues?
If users who previously logged in with email and password are now unable to log in after SSO was enabled, this is a separate issue unrelated to the signing certificate. Contact [email protected] and our team can resolve this quickly.
