Today I Learned:

Google Workspace SAML certificates expire after 5 years.

And when one does, if you use that certificate to log into AWS, you suddenly can't. So, either keep a backup IAM account handy, or remember the details of your AWS root account. Any and all access methods should have 2FA enabled!

AWS and Google SAML

The fix is easy: log back into Workspace Admin -> Apps -> Web and Mobile Apps, open the AWS application, click Service Provider Details, then Manage Certificates, Add Certificate, and finally Download Metadata.

Take that file, go back to the AWS Console, then into IAM -> Identity Providers -> your-saml-provider -> Replace Metadata, and upload the file from the previous step.

Job done!
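The lockout above only happens because nobody was watching the signing certificate's expiry date. The metadata file you download from Workspace (and the one AWS already holds for the identity provider) carries that certificate, so the date is easy to check ahead of time. The following Go program is an added example, not code from the original post or from Google or AWS: it parses a SAML 2.0 IdP metadata document, pulls out the signing certificate(s), and reports how many days remain. Because it must run offline, ConstructedMetadata builds a sample metadata document around a freshly generated self-signed certificate; the entityID in it is a placeholder, and the 60-day alert window in main is an assumption you would tune to your own rotation lead time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// entityDescriptor is the minimum of SAML 2.0 IdP metadata needed to reach the
// certificates. Field tags omit namespaces so md:/ds: prefixes match by local name.
type entityDescriptor struct {
	XMLName  xml.Name `xml:"EntityDescriptor"`
	EntityID string   `xml:"entityID,attr"`
	IDPSSO   struct {
		KeyDescriptors []struct {
			Use   string   `xml:"use,attr"`
			Certs []string `xml:"KeyInfo>X509Data>X509Certificate"`
		} `xml:"KeyDescriptor"`
	} `xml:"IDPSSODescriptor"`
}

// SigningCertExpiry returns the earliest NotAfter among the IdP's signing
// certificates (use="signing" or no use attribute, which means both uses).
// That instant is when the SP stops accepting assertions signed by the IdP.
func SigningCertExpiry(metadata []byte) (time.Time, error) {
	var ed entityDescriptor
	if err := xml.Unmarshal(metadata, &ed); err != nil {
		return time.Time{}, fmt.Errorf("parse metadata: %w", err)
	}
	var earliest time.Time
	for _, kd := range ed.IDPSSO.KeyDescriptors {
		if kd.Use == "encryption" {
			continue
		}
		for _, b64 := range kd.Certs {
			// Metadata often wraps the base64 across lines; strip all whitespace first.
			der, err := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(b64), ""))
			if err != nil {
				return time.Time{}, fmt.Errorf("decode X509Certificate: %w", err)
			}
			cert, err := x509.ParseCertificate(der)
			if err != nil {
				return time.Time{}, fmt.Errorf("parse certificate: %w", err)
			}
			if earliest.IsZero() || cert.NotAfter.Before(earliest) {
				earliest = cert.NotAfter
			}
		}
	}
	if earliest.IsZero() {
		return time.Time{}, fmt.Errorf("no signing certificate in metadata for %q", ed.EntityID)
	}
	return earliest, nil
}

// DaysUntil reports whole days from now until t; negative once t has passed.
func DaysUntil(t, now time.Time) int {
	return int(t.Sub(now).Hours() / 24)
}

// ConstructedMetadata builds a sample metadata document around a self-signed
// certificate valid until notAfter. It exists only so this example runs offline;
// real metadata comes from the Workspace "Download Metadata" step.
func ConstructedMetadata(notBefore, notAfter time.Time) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed-idp.example"}, // placeholder
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	doc := fmt.Sprintf(`<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>`, base64.StdEncoding.EncodeToString(der))
	return []byte(doc), nil
}

func main() {
	now := time.Now()
	// Sample input: a signing certificate that expires in 45 days.
	md, err := ConstructedMetadata(now.Add(-24*time.Hour), now.Add(45*24*time.Hour))
	if err != nil {
		panic(err)
	}
	exp, err := SigningCertExpiry(md)
	if err != nil {
		panic(err)
	}
	days := DaysUntil(exp, now)
	fmt.Printf("IdP signing certificate expires %s (%d days)\n", exp.UTC().Format(time.RFC3339), days)
	if days <= 60 { // assumed alert window; rotate well before this hits zero
		fmt.Println("ALERT: add a new certificate in Workspace and replace the AWS IdP metadata")
	}
}
```

Point SigningCertExpiry at the metadata AWS currently holds (IAM -> Identity Providers -> your-saml-provider shows it, and the AWS CLI can fetch the same document) and schedule the check; the day it starts alerting is the day to walk through the Workspace and IAM steps above on your own terms rather than after the lockout.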