Case by cases basis, historical issue when SSL Certs weren't configured in a standard way
Navigate to an SSO enabled login page in the Knack builder, typically the Home Login page is a good candidate, and navigate to the Settings.
Select the pencil icon for the Single Sign On to open the modal page with the settings
In this scenario, since we already have the app setup in Azure with CTM, the Identity Provider's certificate will stay as is and we make no changes to the Private signing certificate. We are simply taking the Decryption private and public certificates saved in 1Password as Self-Signed x509 SSL Certificates for SAML/ADFS and adding them here. Be sure to clear the boxes before adding the formatted certificates.
And be sure to Save.
If for some reason the Identity Provider's certificate is missing or needs to be re-added, these are saved in 1Password as Knack ADFS X.509 IP Certificates for each app.
Copy the IP Cert for the app you need and paste into the Identity Provider's certificate box. These certificates should be saved formatted with headers already.
