Automate Azure SAML Certificate Monitoring (Expiry)

If you’ve implemented a large number of SAML applications within Azure AD, you may have come across a certificate expiring without your knowing. This breaks single sign-on for that application until the certificate has been updated on both sides (the Azure AD identity provider and the service provider).

There are some solutions out there that can help track this; however, the below may help you build your own.

GitHub: Script

The script runs through all your applications and allows you to handle the data as you wish. You could stick with simple and create a local CSV file.

Building on this, you could perhaps have a Power Automate workflow behind it to email it to a DL once created.

You could also use a Logic App to run through a workflow and parse the data as JSON.

This could then run through a workflow to fire out to multiple teams, or create tasks based on criteria.

You could set up an automation account running this script on a schedule. If during the run it found expiring certificates, it could trigger your Logic App workflow to do X. Again, I always favour a Logic App to run through several steps.
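The core of the check described above, as an added example rather than the GitHub script linked from this post: it walks service principal objects shaped like the Microsoft Graph `GET /servicePrincipals` response, keeps only SAML-enabled apps, reports each signing certificate that expires within a threshold, and emits the simple CSV output. The sample tenant data and GUIDs are constructed, the clock is fixed so the output is reproducible, and the assumption that Graph lists the same certificate once per usage (Sign and Verify) sharing a `customKeyIdentifier` is what the deduplication relies on.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample shaped like Graph GET /servicePrincipals?$select=displayName,appId,
# preferredSingleSignOnMode,keyCredentials (not real tenant data; GUIDs are placeholders).
SAMPLE_SERVICE_PRINCIPALS = [
    {"displayName": "Payroll SSO", "appId": "00000000-0000-0000-0000-000000000001",
     "preferredSingleSignOnMode": "saml", "keyCredentials": [
        {"type": "AsymmetricX509Cert", "usage": "Sign", "customKeyIdentifier": "A1B2",
         "endDateTime": "2024-06-20T00:00:00Z"},
        {"type": "AsymmetricX509Cert", "usage": "Verify", "customKeyIdentifier": "A1B2",
         "endDateTime": "2024-06-20T00:00:00Z"}]},
    {"displayName": "Wiki", "appId": "00000000-0000-0000-0000-000000000002",
     "preferredSingleSignOnMode": "saml", "keyCredentials": [
        {"type": "AsymmetricX509Cert", "usage": "Sign", "customKeyIdentifier": "C3D4",
         "endDateTime": "2027-01-01T00:00:00Z"}]},
    {"displayName": "Legacy API", "appId": "00000000-0000-0000-0000-000000000003",
     "preferredSingleSignOnMode": None, "keyCredentials": [  # not SAML: its cert is not an SSO risk
        {"type": "AsymmetricX509Cert", "usage": "Verify", "customKeyIdentifier": "E5F6",
         "endDateTime": "2024-06-05T00:00:00Z"}]},
]
SAMPLE_CLOCK = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" for reproducible output

def find_expiring_saml_certs(service_principals, now, threshold_days=30):
    """One row per SAML signing cert expiring within threshold_days (negative daysLeft = already expired)."""
    rows = []
    for sp in service_principals:
        if sp.get("preferredSingleSignOnMode") != "saml":
            continue  # only SAML-enabled apps carry an IdP signing cert whose expiry breaks SSO
        seen = set()  # assumption: Graph lists one cert under both Sign and Verify usage; report it once
        for cred in sp.get("keyCredentials", []):
            thumb = cred.get("customKeyIdentifier")
            if cred.get("type") != "AsymmetricX509Cert" or thumb in seen:
                continue
            seen.add(thumb)
            expires = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
            days_left = (expires - now).days
            if days_left <= threshold_days:
                rows.append({"displayName": sp["displayName"], "appId": sp["appId"], "thumbprint": thumb,
                             "expires": expires.date().isoformat(), "daysLeft": days_left})
    return sorted(rows, key=lambda r: r["daysLeft"])  # soonest expiry first

def rows_to_csv(rows):
    """The 'keep it simple' output: CSV text for a local file or an emailed report."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["displayName", "appId", "thumbprint", "expires", "daysLeft"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(rows_to_csv(find_expiring_saml_certs(SAMPLE_SERVICE_PRINCIPALS, SAMPLE_CLOCK)))
```

In a scheduled runbook the sample list would be replaced by the paged Graph response, and a non-empty result is the condition on which to call the Logic App trigger.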
