SAP Knowledge Base Article - Public

3109900 - How to update Certification SHA-256


SAP is updating the signing certificates for all SAML SSOs from SAP Employee Central to SAP partners. This update provides a more secure signature algorithm and adopts best practice security for the SAML SSO. However, to ensure that this change occurs seamlessly, action is needed within WorkForce Software.


Not required for WorkForce Suite with the WorkForce Hub.
Eligible for all other Workforce software solutions.


Removal of older SHA-1 certificate for more Security 


Following steps need to be followed in order to update the certificate:-

  1. Open ticket with SAP via SAP Launchpad with component 'XX-PART-WFR-SRV'
  2.  Ticket will be forwarded to Workforce
  3.  Date & Time for the upgrade will be decided
  4.  New metadata file will be provided by customer to workforce
  5.  Workforce will apply the file
  6. Testing will be done
  7.  SHA-256 is running on the system.

    For more information, please follow the below link:-

See Also

3072974 - UI Integration: Manual configuration for migration from SHA-1 to SHA-256


SHA-1, SHA-256, security certificate, patch, SSO Connection, single sign on , KBA , XX-PART-WFR , Workforce Software , How To


SAP SuccessFactors HXM Core 2105