Thanks for your feedback.

Contributed by Josue Vizcaino, Cisco TAC Engineer

ISSUE
The single Sign-On certificate has expired, and you cannot access admin.webex.com, web.webex.com, or the Webex app.

RESOLUTION
The Self-Recovery option enables users to securely update or disable Single Sign-On using a protected backdoor API.

Self-Recovery via Admin Portal

1. Open an incognito browser tab.
2. Navigate to admin.webex.com/manage-sso.
3. Enter the admin email and select Send One Time Password.
    
4. A One Time Password (OTP) PIN will be sent from webex_comm@webex.com.
5. Enter the OTP received and click the Sign In button.
6. Choose one of the options below:
   • Option 1: Disable SSO
   • Option 2: Update the certificate and download metadata as needed.

Option 1: Disable SSO

1. Select the toggle Modify your organization's SSO authentication.
2. Confirm the action and select the Deactivate button.
3. Single Sign-On is successfully disabled, and basic Webex authentication is in place.

Option 2: Update Certificate

1. Choose a Certificate and upload the updated IdP Metadata file.
2. Click the Test SSO setup button.
3. Once Single Sign-On succeeds, it is safe to Sign Out from the Manage-SSO portal.

If Options 1 and 2 do not resolve the issue, don't hesitate to contact Cisco TAC for more help.

CAUSE

• IdP or SP certificate has expired.
• Misconfiguration in the Single Sign-On setup.
• Outage affecting Single Sign-On services.