SAP Knowledge Base Article - Public

2088838 - How to Update SSO Certificates/Tokens in SuccessFactors HCM Suite

Symptom

  • How to change a SAML v2 certificate
  • What is the process for updating an SSO certificate or token?
  • Can multiple/rolling IDP signing certificates be configured in SuccessFactors?

Environment

SAP SuccessFactors HCM Suite

Resolution

Security certificates/tokens are updated in Provisioning. Only Partners and Support have access to Provisioning. Please contact your Implementation Partner, provide them with the certificate, and request the change.

If you don't have an Implementation Partner, please follow the process below:

  1. Open a case with Customer Support, selecting the component LOD-SF-PLT-CER
  2. Attach the new signing certificate/token to the case in plain text format or .cert format
  3. Provide the availability of your IT team or specialist to have a meeting with SuccessFactors to execute a simultaneous replacement of the certificate on both sides

Notes:

  • The process usually takes about 30 minutes to install and verify. However, so that Support can plan properly, please raise these tickets at least 5-7 working days ahead of time.
  • This meeting will need to be scheduled during regular business hours. We don't update certificates on weekends.
  • Please request the meeting time and we will get back to you with the invitation details.
  • Only one IDP signing certificate can be configured in SuccessFactors at one time. It is not possible to add multiple/rolling signing certificates in provisioning.
  • Partners, follow instructions in KB article 2317944 - SAML 2.0 Provisioning Guide - Troubleshooting Tips and Tricks - Common Errors and Resolutions > section How to Update the SAML verifying certificate?

IMPORTANT:
For customers still using the old SSO certificate AND not integrated with SAP Cloud Identity Services – Identity Authentication, users will no longer be able to access SAP SuccessFactors HCM suite, which causes downtime for the system. Therefore, we are requesting all SAP SuccessFactors HCM suite SSO customers not yet integrated with the Identity Authentication service to migrate to Identity Authentication or renew the certificate.

Deprecation of Basic Authentication and Third-Party Corporate Identity Provider (IdP) Direct Integration with SAP SuccessFactors | SAP Help Portal

Deprecation of Basic Auth/3rd Corporate Identity P... - SAP Community

See Also

Deprecation of SAP SuccessFactors Single Sign-On Certificate | Help Portal

Keywords

sf, success factors, bizx, biz x, SSO, SAML2, SAML v2, signing certificate, expired, expiration, format, cert, Renewal of Single-Sign-On, KBA, LOD-SF-PLT-CER, SAML Certificate Change, How To

Product

SAP SuccessFactors HCM Suite all versions