SAP Knowledge Base Article - Public

3428891 - IP restriction to SAP X.509 certificates in security Center (API)


Customer want to confirm that the IP restriction is no longer needed when we use SAP X.509 certificate to authenticate. 

  • Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.


  • SAP SuccessFactors HXM Suite
    • Integrations
      • OData API

Reproducing the Issue

  1. Go to Security center and add X.509 certificates for authentication
  2. Check Password & Login Policy Settings
  3. Click on "Set API login exceptions..."


This is expected behavior from the system.  X.509 certificates is certificate base authentication and not user base.


When you use using X.509 certificate to authenticate IP restriction will not be consider.


IP restriction, X.509 certificates, security center, Password & Login Policy Settings, Set API login exceptions , KBA , LOD-SF-INT-API , API & Adhoc API Framework , Problem


SAP SuccessFactors HXM Core 2311 ; SAP SuccessFactors HXM Suite all versions ; SUCCESSFACTORS BIZX CORE 2405