Symptom
When using an X.509/mTLS certificate for authentication between SuccessFactors HCM Suite and IAS/IPS, the mTLS certificate generated by IPS is set by default to expire one year after the date it is created. Should the certificate in IPS be regenerated and reimported into the source/target system?
Environment
SAP SuccessFactors HCM Suite
Resolution
There is an option to enable Automatic Regeneration so that the mTLS certificate is regenerated upon expiration:
- If you are using mTLS certificate-based authentication between IAS and IPS:
  - In the IAS/IPS Admin Console, go to Identity Provisioning > Target Systems, locate the IAS tenant integrated with the current IPS tenant, go to the Outbound Certificate tab, and set the radio button for Automatic Regeneration from OFF to ON.
- With this “Automatic Regeneration” option enabled, the certificate will be automatically regenerated within 14 days prior to its expiration. This does not work for SuccessFactors HCM Suite; for the SuccessFactors source system, a manual re-import is needed.
This “Automatic Regeneration” option is supported for IPS tenants running on SAP Cloud Identity Service infrastructure. If your IPS tenants are still on the NEO infrastructure, please upgrade to SAP Cloud Identity Service infrastructure then enable this option.
If you are still using basic authentication between IAS/IPS and SuccessFactors HCM Suite, we recommend that you migrate to X.509/mTLS certificate-based authentication as early as possible. For information regarding the migration, please refer to this blog.
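Because the regenerated certificate is not pushed to SuccessFactors, it helps to track when a manual re-import is due. The following is an added example, not part of the original KBA and not SAP tooling: it classifies an exported IPS outbound certificate against the 14-day window above. It assumes the certificate is available as a PEM file, that the SHA-256 fingerprint of the copy last imported into SuccessFactors was recorded, and that the openssl CLI is installed; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not SAP tooling. Assumes the IPS outbound certificate is
# exported as a PEM file and that the SHA-256 fingerprint of the copy last
# imported into SuccessFactors was recorded. Requires the openssl CLI.

REGEN_WINDOW_DAYS=14   # regeneration window stated in the KBA

# Print the SHA-256 fingerprint (colon-separated upper-case hex) of a PEM cert.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2 | tr 'a-f' 'A-F'
}

# cert_status <current_ips_cert.pem> <fingerprint_imported_into_sf>
# Prints INVALID, REIMPORT_NEEDED, EXPIRED, IN_REGEN_WINDOW or OK.
cert_status() {
    cs_pem=$1
    cs_imported=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    cs_current=$(cert_fingerprint "$cs_pem")
    if [ -z "$cs_current" ]; then
        echo INVALID            # unreadable file or not a certificate
    elif [ "$cs_current" != "$cs_imported" ]; then
        echo REIMPORT_NEEDED    # IPS holds a different cert than SF trusts
    elif ! openssl x509 -in "$cs_pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$cs_pem" -noout \
            -checkend $((REGEN_WINDOW_DAYS * 86400)) >/dev/null 2>&1; then
        echo IN_REGEN_WINDOW    # inside the 14-day window; expect a new cert
    else
        echo OK
    fi
}

# Create a constructed self-signed certificate for trying the check offline.
# make_constructed_cert <out.pem> <validity_days>
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=constructed-ips-outbound" 2>/dev/null
}
```

Run `cert_status` on a schedule against the current export; `REIMPORT_NEEDED` means the certificate in IPS no longer matches the one recorded at the last SuccessFactors import.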
See Also
Generate and Manage Certificates for Outbound Connection | SAP Help Portal
Upgrade to X.509 Certificate-Based Authentication for Incoming Calls
Blog post: Secure your SuccessFactors to IAS/IPS integration by migrating to mTLS cert based authentication
Keywords
mTLS certificate, x.509 certificate, IPS certificate, expiration certificate, KBA, LOD-SF-PLT-IAS, Identity Authentication Services (IAS) With BizX, BC-IAM-IDS, Identity Authentication Service, BC-IAM-IPS, Identity Provisioning Service (IPS), How To