Replacing CloudAccess certificate fails to update Office365 side automatically

  • 7018983
  • 12-May-2017
  • 12-May-2017

Environment

NetIQ Cloud Access 3.0

Situation

The customer is using CloudAccess for provisioning and federating users with Office 365. The certificate used on the NCA is expiring. What is the best procedure for updating or replacing the certificate so that users going to Office 365 are not impacted? The steps to update the certificate on CloudAccess are well documented, but does anything need to be done on the Office 365 side?

Resolution

After replacing the CloudAccess certificate, do the following on the Office 365 side:
 
- Connect to Office 365 with PowerShell.
- Run Set-MsolDomainFederationSettings -DomainName off365dom.netiq.com -IssuerUri https://idp.off365dom.netiq.com/osp/a/t1/auth/wsfed/metadata

where off365dom.netiq.com is my Office 365 domain, and idp.off365dom.netiq.com is the CloudAccess host.
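
A check to run after the steps above, as an added example that is not part of the original article: it reads the domain's federation settings back from Office 365 and compares the signing certificate stored there with the new CloudAccess certificate. The domain name is the one used in the article; the certificate file path is an assumption and should point to the new CloudAccess signing certificate exported as a .cer file.

```powershell
# Added example: confirm what Office 365 holds after the CloudAccess certificate change.
# $Domain is the domain from the article; $NewCertPath is a hypothetical path to the
# new CloudAccess signing certificate exported as a .cer file.
param(
    [string]$Domain      = 'off365dom.netiq.com',
    [string]$NewCertPath = 'C:\temp\cloudaccess-signing.cer'
)

Import-Module MSOnline
Connect-MsolService   # prompts for Office 365 administrator credentials

function ConvertTo-Certificate([string]$Base64) {
    # Federation settings return certificates as base64-encoded DER strings.
    if ([string]::IsNullOrWhiteSpace($Base64)) { return $null }
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        [Convert]::FromBase64String($Base64))
}

$fed      = Get-MsolDomainFederationSettings -DomainName $Domain
$current  = ConvertTo-Certificate $fed.SigningCertificate
$next     = ConvertTo-Certificate $fed.NextSigningCertificate
$expected = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($NewCertPath)

"IssuerUri in Office 365 : $($fed.IssuerUri)"
"Expected thumbprint     : $($expected.Thumbprint) (expires $($expected.NotAfter))"

if ($null -eq $current) {
    Write-Warning "No signing certificate is stored for $Domain."
}
elseif ($current.Thumbprint -eq $expected.Thumbprint) {
    "Signing certificate     : matches the new CloudAccess certificate"
}
else {
    Write-Warning ("Office 365 still holds thumbprint {0}, expiring {1}." -f `
        $current.Thumbprint, $current.NotAfter)
}

if ($null -ne $next) {
    "Next signing certificate: $($next.Thumbprint) (expires $($next.NotAfter))"
}

# Flag a stored certificate that expires within 30 days.
if ($null -ne $current -and $current.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "The stored signing certificate expires on $($current.NotAfter)."
}
```

A thumbprint mismatch after the update means federated sign-ins are still being validated against the old certificate.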