3423003 - Handling of mTLS certificate expiration between IAS/IPS and SuccessFactors HCM Suite

There's the option to enable Automatic Regeneration so that mTLS certificate will be regenerated upon expiration: 

If you are using mTLS certificate based authentication in the IPS source/target system for the SuccessFactors：

• In IAS/IPS Admin Console, please go to Identity Provisioning -> Target/Source Systems, locate the associated IPS system for the SuccessFactors.
• Then go to Outbound Certificate tab, set the radio button for Automatic Regeneration from OFF to ON. 

With this “Automatic Regeneration” option enabled, the certificate will be automatically regenerated within 14 days prior to its expiration. The renewed certificate is not required to import in SF again. 

This “Automatic Regeneration” option is supported for IPS tenants running on SAP Cloud Identity Service infrastructure. If your IPS tenants are still on the NEO infrastructure, please upgrade to SAP Cloud Identity Service infrastructure then enable this option.  

If you are still using basic authentication between IAS/IPS and SuccessFactors HCM Suite, we recommend that you migrate to X509/mTLS certificate based authentication as early as possible. For information regarding the migration, please refer to this blog