Queries Security Assertion Markup Language (SAML) signing certificates.

Usage notes

This topic provides an example on how to query the SAML signing certificates within the directory d-00fc2p61****. The returned result shows that the directory contains one SAML signing certificate.


You can call this operation up to 100 times per second per account. This operation is globally limited to 100 times per second across all accounts. If the number of the calls per second exceeds a limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limits when you call this operation.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ListExternalSAMLIdPCertificates

The operation that you want to perform. Set the value to ListExternalSAMLIdPCertificates.

DirectoryId String Yes d-00fc2p61****

The ID of the directory.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
RequestId String 400979BC-92EC-58B9-B47C-6913BD56A6FD

The ID of the request.

TotalCounts Integer 1

The total number of entries returned.

SAMLIdPCertificates Array of SAMLIdPCertificate

The SAML signing certificates.

SerialNumber String 159289587****

The serial number of the certificate.

Issuer String 1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US

The issuer of the certificate.

Version Integer 3

The version of the certificate.

CertificateId String idp-c-00dt9gnl7fmjaw9c****

The ID of the certificate.

PublicKey String MIIBIjANBgkqhkiG****

The public key of the certificate. The value of this paremeter is in the PEM format and is Base64-encoded.

SignatureAlgorithm String SHA256withRSA

The signature algorithm of the certificate.

NotAfter String 2030-06-23T07:04:37Z

The time when the certificate expires.

NotBefore String 2020-06-23T07:03:37Z

The time when the certificate was created.

Subject String 1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US

The subject of the certificate.

X509Certificate String MIIDpDCCAoygAwIBAgIG****

The X.509 certificate in the PEM format.


Sample requests

&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK

			<Issuer>1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US</Issuer>
			<Subject>1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US</Subject>

JSON format

HTTP/1.1 200 OK

  "RequestId" : "400979BC-92EC-58B9-B47C-6913BD56A6FD",
  "TotalCounts" : 1,
  "SAMLIdPCertificates" : [ {
    "SerialNumber" : "159289587****",
    "Issuer" : "1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US",
    "Version" : 3,
    "CertificateId" : "idp-c-00dt9gnl7fmjaw9c****",
    "PublicKey" : "MIIBIjANBgkqhkiG****",
    "SignatureAlgorithm" : "SHA256withRSA",
    "NotAfter" : "2030-06-23T07:04:37Z",
    "NotBefore" : "2020-06-23T07:03:37Z",
    "Subject" : "1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US",
    "X509Certificate" : "MIIDpDCCAoygAwIBAgIG****"
  } ]

Error codes

For a list of error codes, visit the API Error Center.