Overview
Tenant admins may wrongly believe they need access to the tenant’s private key to sign a request for a SAML connection, so they try to locate it but are unable to do so. This article explains how the private key is used and why it cannot be accessed.
Applies To
- SAML Connection
- Signing Certificates
- Private Keys
- Tenant Certificate
- Tenant Private Key
Solution
Auth0 tenant administrators do not have direct access to view the tenant’s private key. The management of sensitive information like private keys is typically restricted to ensure security and privacy. Auth0 uses the tenant’s private key to sign SAML requests when it acts as a SAML Service Provider (SP).
By default, Auth0 uses the tenant private key to sign SAML requests when the Sign Request toggle is enabled. Tenant admins have the option to use a custom key instead, by providing their own private/public key pair to sign requests coming from a specific connection.
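The split described above, as an added example that is not Auth0's own code: the signer needs the private key, while the party checking the request needs only the matching certificate, which is why a tenant admin never has to handle the tenant key. It assumes openssl is installed and uses the signed query string of the SAML HTTP-Redirect binding; the function names, file names and parameter values are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed values, not Auth0 code): the SP signs with a
# private key; the IdP verifies with the matching certificate only.

# Generate a key pair and self-signed cert, e.g. for a custom signing key.
make_signing_pair() {  # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=example-sp-signing" \
        -keyout "$1/sp-key.pem" -out "$1/sp-cert.pem" 2>/dev/null
}

# SP side: sign the query string (requires the private key).
sign_request() {  # $1 = private key, $2 = file to sign, $3 = signature out
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# IdP side: verify using only the public key taken from the certificate.
verify_request() {  # $1 = certificate, $2 = signed file, $3 = signature
    pub=$(mktemp) || return 1
    openssl x509 -in "$1" -pubkey -noout > "$pub" || { rm -f "$pub"; return 1; }
    if openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$pub"
    return "$rc"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_signing_pair "$dir" || return 1
    # Constructed HTTP-Redirect query string: SAMLRequest, RelayState, SigAlg.
    printf '%s' 'SAMLRequest=CONSTRUCTED&RelayState=xyz&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256' > "$dir/query.txt"
    sign_request "$dir/sp-key.pem" "$dir/query.txt" "$dir/query.sig" || return 1
    verify_request "$dir/sp-cert.pem" "$dir/query.txt" "$dir/query.sig" \
        && echo "untampered request: signature valid"
    # Any change to the signed parameters must invalidate the signature.
    printf '%s' 'SAMLRequest=TAMPERED&RelayState=xyz' > "$dir/tampered.txt"
    verify_request "$dir/sp-cert.pem" "$dir/tampered.txt" "$dir/query.sig" \
        || echo "tampered request: signature rejected"
    rm -rf "$dir"
}

demo
```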