added configure alternative certificate section

stacyspiva · stacyspiva · commit 684f54c9092e · 2020-08-07T12:20:00.000-07:00
diff --git a/docs/programs/single-sign-on-sso-via-saml.md b/docs/programs/single-sign-on-sso-via-saml.md
@@ -22,7 +22,7 @@ HackerOne supports Single Sign-On (SSO) through Security Assertion Markup Langua
 
 ### Set Up
 To configure Single Sign-On via SAML:
-1. Go to: **Program Settings > General > Authentication**.
+1. Go to **Program Settings > General > Authentication**.
 2. Click **Setup SAML** in the *Single Sign-on with SAML* section.
 
 ![saml setup](./images/saml-daisy-1.png)
@@ -69,3 +69,25 @@ Here are some screenshots that provide additional details on Service Provider an
 ![saml1](./images/saml-1.png)
 
 ![saml_2](./images/saml-2.png)
+
+### Configure an Alternative Certificate
+If you need to switch your identity provider or if your current X509 certificate fingerprint is expiring, you can configure an alternative certificate to avoid having your users reset their passwords during the update.
+
+> **Note:** Only the admin of the program has the ability to configure the alternative certificate.
+
+To configure an alternative certificate:
+
+1. Go to **Program Settings > General > Authentication**.
+2. Click **configure** next to **X509 alternative certificate**.
+
+![Authentication settings page with SAML configured](./images/alt-certificate-1.png)
+
+3. Enter the alternative certificate in the **Configure alternative certificate** window. 
+
+![configure alternative certificate modal ](./images/alt-certificate-2.png)
+
+4. Click **Save**.
+
+You can choose to make your alternative certificate to become your primary by clicking **Promote alternative certificate to primary certificate**.
+
+![authentication settings page with alt certificate configured](./images/alt-certificate-3.png)
