For identity providers, certificates used by Common Services and AD FS are used during user authentication.
Common Services certificates are called authentication keys, and AD FS certificates are called Token certificates.
Each certificates has an expiration date and certificates are automatically updated according to a defined interval (in days).
However, when a certificate is automatically updated, a discrepancy arises between the new certificate and the certificate that was registered when the link with the identity provider was configured. For this reason, you will no longer be able to log in to Common Services by using the user account of the identity provider. To prevent this problem, you must check the date of the next update of the certificate and update the certificate before its expiration date.
If it is inconvenient to update the authentication key of Common Services immediately, you can temporarily suppress the update by increasing the number of days set as the update interval. Although you can also change the update interval of AD FS Token certificates, the change is not applied to the certificates currently used. The new update interval is applied to the certificates that will be updated next time.