Expired SAML certificate issue with Federated MS domain and Google Workspace.

Question

Hi, we need help fix our Microsoft federated domain. Was federated to Google Workspace, but the SAML certificate from Google expire on that side (IdP).

The @domain.onmicrosoft.com accounts are not recognized and there is no break glass account.

Thanks!

Pablo

Answer 1

Hi @PABLO

Thank you for posting this in Microsoft Q&A.

If you are blocked entirely, you can reach out to our support team. You can look into below article to get support numbers depending on your country.

https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

or creating a ticket through a different account:   https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support

While creating a ticket with Microsoft support team. Give them the tenant ID which is locked out in your description. Tell them that no admin account has access anymore and your partners also have no access anymore.

Once you create a ticket with support team you will have to work with our data protection team. You will have to first prove your identity against your tenant for security purpose. Post that this team will help you with help you in getting access to your tenant or unlock your account depending on your scenario.

Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

Hope this helps. Do let us know if you any further queries.

Thanks,

Navya

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.