From Microsoft: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tutorial-manage-certificates-for-federated-single-sign-on
These certificates tend to last for 3 years. Here is how you renew the certificate.
Step 1: In Azure go to Single sign-on in the NetDocuments Enterprise Application
Step 2: Under SAML Signing Certificate click Edit
Step 3: Click New Certificate
Step 4: Click Save
Step 5: Next to the new Certificate click … and then Make Certificate active
WARNING!!! THIS STEP WILL BREAK SINGLE SIGN ON WITH NETDOCUMENTS. MAKE SURE YOU CAN COMPLETE THE FOLLOWING STEPS IMMEDIATELY
Step 6: Download the Federated Metadata XML
Step 7: In NetDocuments Admin –> User & Groups –> Federated ID
Step 8: Upload the Metadata file you downloaded.
