tigergraph · AyeshaFirdausTG · Jun 18, 2026 · Jun 18, 2026
diff --git a/modules/user-access/pages/sso-with-saml.adoc b/modules/user-access/pages/sso-with-saml.adoc
@@ -369,6 +369,25 @@ used when returning a <Response> message.
 
 |===
 
+=== Bypass certificate validation
+
+TigerGraph validates the X509 certificate of SAML-based SSO. If the 
+certificate is invalid or expired, GSQL will fail to load the SAML 
+configuration and SSO will not work.
+
+You can set the `DISABLE_SAML_CERTIFICATE_CHECK` environment variable to bypass certificate validation.
+When this variable is enabled, GSQL will treat invalid certificates, including expired ones, as valid.
+
+Run the following commands to enable this setting:
+
+[source,console]
+----
+$ gadmin config set GSQL.BasicConfig.Env "$(gadmin config get GSQL.BasicConfig.Env) DISABLE_SAML_CERTIFICATE_CHECK=true; "
+$ gadmin config apply -y
+$ gadmin restart gsql -y
+----
+
+
 == Create user groups with proxy rules to authorize single sign-on users
 
 In order to authorize single sign-on users, you need create user groups with proxy rules and grant roles on graphs for the user groups.
@@ -539,3 +558,9 @@ Usually the text is self-descriptive.
 Follow the error message and try to fix TigerGraph or your identity provider's configuration.
 
 If the problem persists or if you encounter any errors that are not clear, please https://tigergraph.zendesk.com/hc/en-us/[open a support ticket].
+
+=== SAML configuration could not be loaded
+
+If your SAML configuration fails to load, check your certificates, metadata, and required parameters in your SAML settings.
+To bypass certificate validation errors, set `DISABLE_SAML_CERTIFICATE_CHECK=true` using the configuration commands in
+xref:_Bypass_certificate_validation[Bypass certificate validation].