Symptom
- How to change an SAML v2 certificate
- Steps for updating an DES/3DES token
- What is the process for updating an SSO certificate or token?
- Can multiple/rolling IDP signing certificates be configured in SuccessFactors?
Environment
SAP SuccessFactors HXM Suite
Resolution
- The process to update a security certificate/token is done in Provisioning. Only Partners and Support have access to Provisioning.
- Please contact your Implementation Partner, provide the certificate for them and requesting the change.
- If you don't have an Implementation Partner, please follow the process below:
- Open an case with Customer Support selecting the component LOD-SF-PLT-CER
- Attach on the case the new Signing certificate/token in a plain text format or .cert format
- Provide the availability of your IT team or specialist to have a meeting with SuccessFactors to execute a simultaneous replacement of the certificate on both sides
Notes:
- The process usually takes about 30 minutes to install and verify. But, for proper planning on Support end, please raise these tickets at least 5-7 working days ahead of time.
- This meeting will need to be scheduled during regular business hours. We don't update certificates on weekends.
- Please request the meeting time and we will get back to you with the invitation details
- Only one IDP signing certificate can be configured in SuccessFactors at one time. It is not possible to add multiple/rolling signing certificates in provisioning.
- Partners, follow instructions in KB article 2317944 - SAML 2.0 Provisioning Guide - Troubleshooting Tips and Tricks - Common Errors and Resolutions > section How to Update the SAML verifying certificate?
See Also
KB article 2317944 - SAML 2.0 Provisioning Guide - Troubleshooting Tips and Tricks - Common Errors and Resolutions
Keywords
sf, success factors, bizx, biz x, SSO, SAML2, SAML v2, signing certificate, expired, expiration, format, cert , KBA , LOD-SF-PLT-CER , SAML Certificate Change , How To
Product
SAP SuccessFactors HXM Suite all versions