You may've gotten a notice that Cisco Webex Teams is set to use a new certificate because the old one is expiring. You can read about the process .

To prevent outages, Webex Teams is notifying admins of the need to update the metadata in their IdP. The new metadata file can be downloaded from Webex Teams when going through the SSO update process (started from the home page of https://admin.webex.com). The new metadata file from Webex Teams currently has both the old and the new certs that are listed, which creates a problem with ADFS since it only allows a single cert to be presented during the login process.

Here is an easy option to get the relying party trust to update with the correct info, prevent an outage, and avoid extra steps in ADFS.

Install the new certificate that Webex Teams will be using into the relying party trust. Open the options for the Webex Teams relying party trust (it might be labeled as Spark), and select Signature .

Click Add . You'll be prompted to locate the certificate, and then upload it. You can then delete the old certificate. ADFS is now updated with the new certificate.

If you have an Encryption Certificate that is uploaded to the Relying Party Trust, then we recommend that you update that certificate as well.

If you have already hit the ADFS error, and removed the Teams Relying Party Trust, you must delete the old Symantec certificate that is stored in the metadata file, then use it to create a new Relying Party Trust. The Symantec certificate ends in 5pdnN3O8= . You will need to remove the Key Identifier tags to avoid issues with ADFS reading it.

No updates are required to be made in Cisco Webex Control Hub. SSO should continue to work as expected. If there are any issues, contact support for further help.