Security Feature: Enable the ability to update Encryption Certificate in SSO setup

monday Apps & Developers Feature Requests - API and Apps Framework
1

For Security Compliance purposes - Huge companies have security requirements, such as the need to use encryption and signing certificates that are trusted by 3rd Party Root Authorities, in setting-up Single Sign-on, to encrypt and protect SAML assertions. Enabling the field to change the Encryption Certificate used in encryption will allow Monday.com to comply with these requirements, especially with the default certificate provided by Monday.com being self-signed, and is not trusted by a 3rd party Root Authority. This is akin to setting up a “Bring-your-own-Certificate” setup.

Since this is disabled by default, we are struggling to get compliance approval from our Security Architecture team, and have to go through an exception process just to get it officially approved.

2

Thank you @jquy131 for bringing this request :smile:

3

Hi @Matias.Monday ! Does this mean your team will plan on implementing this soon?

4

Hello there @jquy131,

This request is now visible to our team and people can vote for it in the top left corner.

This does not necessarily mean that it will be implemented soon.

If there are updates on the plans for it, we will update you here :smile: