You may now pick an encryption certificate for service provider initiated single sign-on (SSO) and the certificate will be displayed in the '''Service Provider (SP) Metadata''' field. If enabled, incoming assertions will be decrypted using the selected certificate. If you opt to use this feature, you will be required to upload the identity provider (IdP) encryption certificate to '''Integration Key Management''' and select the certificate in your SSO setting. This will be used to decrypt incoming assertion.
To see the new settings, navigate to '''Menu Icon''' > '''Global Settings''' > '''Integrations''' tab > '''Single Sign-On''' > Edit a configuration > Under '''Third-Party Identity Provider''', select "Service Provider (SP) initiated" for '''Method'''. [[File:2023-11-ticket-144700-1.png|thumb|none|800px|You may pick an encryption certificate for service provider initiated single sign-on (SSO). Note: you will be required to upload the identity provider (IdP) encryption certificate in Integration Key Management.]]
<!-- 144700 - SSO encrypted assertion support? -->