Update/Replace SAML Certificate

1. Generate a new certificate: Create a new SAML certificate to replace the expiring one. Ensure that the new certificate meets the necessary requirements, such as key length and algorithm compatibility.

2. Update the certificate in Azure AD: Go to the Azure portal, navigate to the Azure Active Directory section, and locate the Enterprise Applications or App Registrations area where your Workspace ONE Access integration is configured. Update the SAML signing certificate with the new one. 

Home>Entra ID Directory > Enterprise applications>All applications> (your ws1 application name)

3. Update the certificate in Workspace ONE Access: Access the Workspace ONE Access console and update the SAML configuration with the new certificate. This typically involves uploading the new certificate to the identity provider settings within Workspace ONE Access.

Workspace one Access Admin console>  Integrations > Identity providers > process metadata and save

Only if the session expires will they need to authenticate.