Adds a Security Assertion Markup Language (SAML) signing certificate.

Usage notes

You can add up to two SAML signing certificates.

This topic provides an example on how to add a SAML signing certificate to the directory d-00fc2p61****.


You can call this operation up to 100 times per second per account. This operation is globally limited to 100 times per second across all accounts. If the number of the calls per second exceeds a limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limits when you call this operation.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes AddExternalSAMLIdPCertificate

The operation that you want to perform. Set the value to AddExternalSAMLIdPCertificate.

DirectoryId String Yes d-00fc2p61****

The ID of the directory.

X509Certificate String Yes MIIC8DCCAdigAwIBAgIQP9eomUYGeoND****

The X.509 certificate in the PEM format.

The certificate is provided by the SAML IdP.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
RequestId String 12B3E332-DD16-515B-B695-39BA233AA172

The ID of the request.

CertificateId String idp-c-00wk2fb4foracls0****

The ID of the SAML signing certificate.


Sample requests

&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK


JSON format

HTTP/1.1 200 OK

  "RequestId" : "12B3E332-DD16-515B-B695-39BA233AA172",
  "CertificateId" : "idp-c-00wk2fb4foracls0****"

Error codes

For a list of error codes, visit the API Error Center.