diff --git a/modules/ROOT/pages/configure-saml.adoc b/modules/ROOT/pages/configure-saml.adoc index 7fdd77b4a..9467a65d4 100644 --- a/modules/ROOT/pages/configure-saml.adoc +++ b/modules/ROOT/pages/configure-saml.adoc @@ -119,7 +119,7 @@ Make a note of all of the redirects within the SAML workflow. Each server must b To configure SAML SSO authentication on the ThoughtSpot embedded instance, complete the following steps: * xref:configure-saml.adoc#admin-portal[Enable SAML authentication on ThoughtSpot with IAMv1] -* xref:configure-saml.adoc#IAMv2[Enable SAML authentication on ThoughtSpot with IAMv2] (Requires assistance from ThoughtSpot Support) +* xref:configure-saml.adoc#IAMv2[Enable SAML authentication on ThoughtSpot with IAMv2] * xref:configure-saml.adoc#idp-config[Configure the IdP server for SAML authentication] * xref:configure-saml.adoc#auth-config-sdk[Enable SSO authentication in Visual Embed SDK] * xref:configure-saml.adoc#saml-redirect[Add SAML redirect domain to the allowed list in ThoughtSpot] 
@@ -261,6 +261,27 @@ link:https://docs.thoughtspot.com/cloud/latest/saml-okta#_enable_saml_authentica You can map your SAML groups,or groups and Orgs from your IdP to your ThoughtSpot. This means that you do not have to manually recreate your groups and Orgs in ThoughtSpot if they are already present in your IdP. Refer to link:https://docs.thoughtspot.com/cloud/latest/saml-group-mapping[Configure SAML group mapping, window=_blank]. +[#update-idp-cert-iamv2] +=== #Update your IdP certificate# +If your IdP certificate expires or is rotated, you can update it in the ThoughtSpot UI. +ThoughtSpot IAMv2 supports self-serve certificate management — changes take effect immediately after you save. + +To update your IdP certificate: + +* Go to *Admin* > *User management* > *Authentication* +* Navigate to your SAML connection and click the **More** menu image:./images/icon-more-10px.png[the more options menu] > *Edit* +* In the *IDP provider certificate* field, replace the existing certificate with the new certificate file from your IdP. ++ +[NOTE] +==== +Download the raw certificate file from your IdP settings page. +The accepted format is `PEM / .cer / .crt`. +==== +* Click *Save*. + +Your users can sign in using the updated certificate immediately. +If users experience sign-in failures after a certificate rotation, verify that the certificate in ThoughtSpot matches the certificate currently active on your IdP. + [#idp-config] === Configure the IdP server for SAML authentication
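Review bot: In the first hunk (the step list at -119,7), the IAMv2 bullet loses "(Requires assistance from ThoughtSpot Support)", but no hunk in this patch touches the `#IAMv2` section that the xref points to. If that section still tells readers to contact Support before enabling SAML, please update it in the same change. Otherwise the step list and the section it links to will disagree about whether IAMv2 is self-serve.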
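Review bot: In the second hunk (new section `update-idp-cert-iamv2`), the procedure has no check of the certificate before it is trusted and gives no guidance on timing. The step "replace the existing certificate with the new certificate file from your IdP" is followed by "changes take effect immediately after you save". The field holds a single certificate and there is no overlap period, so sign-ins depend on the saved certificate matching the one the IdP is using at that moment. I would add a step before *Save* asking the admin to confirm the certificate against the IdP, for example by comparing its fingerprint and expiry date, and a sentence on when to make the change relative to the rotation on the IdP side. At present the only mention of a mismatch is the troubleshooting sentence at the end.

Smaller points in the same hunk:

* The heading `=== #Update your IdP certificate#` carries `#` highlight marks, while the neighbouring `=== Configure the IdP server for SAML authentication` has none. If they are review markup, drop them before merge.
* The steps are an ordered procedure but use `*` bullets; a numbered list would read better.
* The NOTE's `PEM / .cer / .crt` mixes an encoding with file extensions. State whether a DER-encoded `.cer` is accepted or only PEM text.
* The anchor says IAMv2 but the heading does not, and this page also covers IAMv1. Say in the first sentence which instances the procedure applies to.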