Use a custom certificate to sign SAML requests

Problem statement

When creating a SAML connection (Authentication → Enterprise → SAML), we have the option to turn on “Sign requests”. We use this option in all our SAML connections. However, the certificate used to sign these requests (namely: https://.auth0.com/pem?cert=connection) is self-signed. We have a large customer who, for security and compliance reasons, requires all certificates to be signed by a CA. Is there a way to use a custom certificate to sign these requests?

Solution

This specific requirement is covered in this article. It is not possible to configure through the Dashboard, but the Management API allows it.
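As an added example (not from the article and not Auth0's own code), the Management API update the Solution refers to, written in Python: it fetches the connection, merges the CA-issued certificate and key into the connection's existing options, and patches it back. The tenant domain, token, connection id, and the `signing_key` option name are assumptions; the PEM strings are constructed placeholders.

```python
"""Sign SAML requests with a CA-issued certificate via the Auth0 Management API."""
import json
import os
import urllib.request

# Constructed placeholders: replace with the real PEM files issued by your CA.
SAMPLE_CERT_PEM = "-----BEGIN CERTIFICATE-----\nMIIB...placeholder...\n-----END CERTIFICATE-----\n"
SAMPLE_KEY_PEM = "-----BEGIN PRIVATE KEY-----\nMIIE...placeholder...\n-----END PRIVATE KEY-----\n"


def build_options(existing: dict, cert_pem: str, key_pem: str) -> dict:
    """Return the full 'options' object for PATCH /api/v2/connections/{id}.

    PATCHing 'options' replaces the whole object, so every existing key
    (IdP endpoint, signature algorithm, attribute mappings, ...) is carried
    over rather than silently dropped.
    """
    if "BEGIN CERTIFICATE" not in cert_pem or "PRIVATE KEY" not in key_pem:
        raise ValueError("expected PEM-encoded certificate and private key")
    options = dict(existing)
    options["signSAMLRequest"] = True  # the 'Sign requests' toggle
    # Assumed option name for the custom signing material; verify it against
    # the Management API reference before relying on it.
    options["signing_key"] = {"cert": cert_pem, "key": key_pem}
    return options


def _call(method: str, url: str, token: str, body=None) -> dict:
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def set_custom_signing_cert(domain: str, token: str, connection_id: str,
                            cert_pem: str, key_pem: str) -> dict:
    """GET the connection, merge the new signing material, PATCH it back."""
    url = f"https://{domain}/api/v2/connections/{connection_id}"
    current = _call("GET", url, token)
    options = build_options(current.get("options", {}), cert_pem, key_pem)
    return _call("PATCH", url, token, {"options": options})


if __name__ == "__main__":
    # The token needs the read:connections and update:connections scopes.
    set_custom_signing_cert(os.environ["AUTH0_DOMAIN"], os.environ["AUTH0_MGMT_TOKEN"],
                            os.environ["AUTH0_CONNECTION_ID"],
                            open("signing.crt").read(), open("signing.key").read())
```

After the PATCH, re-download the connection's signing certificate from the `/pem?cert=connection` endpoint and confirm the issuer is your CA before handing it to the customer.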