Following JumpCloud's recent security events, please rotate certificates for the following JumpCloud SSO applications.
External Services
- [x] Slack
- [x] Delete the Microsoft Office 365 Integration
- [x] AWS
- [x] Datadog
- [x] Delete the Salesforce FFB-UAT Integration
- [x] Salesforce
- [x] SendGrid (FI)
- [x] SendGrid (OE)
- [x] Delete the Figg OE Whitelabel Integration
Internal Services
- [x] Baserow
- [x] Delete the Grafana Integration (it's configured for LDAP, not SSO)
- [x] Retool
- [x] Retool (FI QA)
- [x] Retool (FI UAT)
- [x] Retool (OE)
## General
1. Log in to the desired application and navigate to the SAML/IDP Settings
2. In JumpCloud, navigate to SSO -> Click on desired application
3. Under Single sign-on click IDP Certificate Valid -> Regenerate Certificate -> Download Certificate
4. Navigate to your Application's SAML, IDP, or SSO Settings and upload the new IDP Certificate
## Slack
Documentation: https://support.jumpcloud.com/support/s/article/single-sign-on-sso-with-slack1
Notes:
1. Log in to the [JumpCloud admin console](https://console.jumpcloud.com/#/sso/6356c7355b1c7ea4601d3105/details)
2. In JumpCloud, navigate to SSO -> Click on Slack
3. Under Single sign-on click IDP Certificate Valid -> Regenerate Certificate -> Download Certificate
4. Go to the Slack admin console -> security -> SSO
5. Replace the public cert (first cert in the pop-up) with the new cert that was just downloaded from JumpCloud
6. Shift-click on the test config button to test whether the configuration change is working
## Salesforce
Documentation: https://support.jumpcloud.com/support/s/article/single-sign-on-sso-with-salesforce1
Notes:
1. Log in to the [JumpCloud admin console](https://console.jumpcloud.com/#/sso/6356c7355b1c7ea4601d3105/details)
2. In JumpCloud, navigate to SSO -> Click on Salesforce
3. Under Single sign-on click IDP Certificate Valid -> Regenerate Certificate -> Download Certificate
4. In Salesforce, log in as an admin user
5. Navigate to the setup page by clicking the gear icon in the top right corner -> Setup
6. In the setup page, use the search bar on the left to look up Single Sign On
7. Click edit next to the "jumpcloud" SAML Single Sign-On Settings
8. Upload the new cert generated from JumpCloud in the "identity provider certificate" field
9. Click save
## AWS
1. Log in to the AWS account that manages AWS SSO. This should be the parent organization account (currently named FI).
2. See [General](#General) for regenerating the JumpCloud IDP certificate.
3. Navigate to IAM Identity Center -> Settings -> Identity Source -> Actions -> Manage Authentication -> Import Certificate
4. Upload the certificate from JumpCloud.
5. Remove the old cert.
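
A post-rotation check for the steps above, as an added example that is not part of the original runbook: it compares SHA-256 fingerprints of the old and new IdP certificates against what each application currently trusts. The function names, status labels, and sample certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import ssl

def fingerprint(pem: str) -> str:
    """SHA-256 of the certificate's DER bytes, as colon-separated hex."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def rotation_status(old_pem: str, new_pem: str, trusted_pems: list[str]) -> str:
    """Classify one application after the rotation steps.

    old_pem      -- IdP certificate in use before "Regenerate Certificate"
    new_pem      -- certificate downloaded after regenerating
    trusted_pems -- certificate(s) the application currently trusts
    """
    old, new = fingerprint(old_pem), fingerprint(new_pem)
    trusted = {fingerprint(p) for p in trusted_pems}
    if old == new:
        return "NOT_REGENERATED"         # the same certificate was downloaded again
    if new not in trusted:
        return "NEW_CERT_NOT_UPLOADED"   # app cannot validate the new signing cert
    if old in trusted:
        return "OLD_CERT_STILL_TRUSTED"  # e.g. the "remove the old cert" step was skipped
    return "ROTATED"

# Constructed stand-in bytes, not real certificates: only the fingerprint
# comparison is demonstrated, so the DER content is never parsed.
OLD = ssl.DER_cert_to_PEM_cert(b"constructed old IdP certificate bytes")
NEW = ssl.DER_cert_to_PEM_cert(b"constructed new IdP certificate bytes")

# Constructed states for three applications from the checklist.
SAMPLE = {
    "Slack": [NEW],
    "Salesforce": [OLD],
    "AWS": [OLD, NEW],
}

def audit(apps: dict[str, list[str]]) -> dict[str, str]:
    """Return the rotation status for each application name."""
    return {name: rotation_status(OLD, NEW, certs) for name, certs in apps.items()}

if __name__ == "__main__":
    for app, status in audit(SAMPLE).items():
        print(f"{app:12} {status}")
```

Only the `ROTATED` status means an application's checklist item is actually complete; an application that can hold more than one certificate, as the AWS steps imply, can accept the new certificate while still trusting the old one.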