SSO Certificate Renewal process for SAP SuccessFactors

karthik1gobburu
Participant

Hello everyone,

My customer is using Grand ID as an IDP to log in to SAP SuccessFactors. As per "Deprecation of SAP SuccessFactors Single Sign-On Certificate | SAP Help Portal", the SSO certificate will expire soon.

I followed "Renewal of SAP SuccessFactors HCM suite Single-Sig... - SAP Community" and tried updating the SSO certificate in the IDP, but the system shows an error as below. I followed the steps below:

[Image: karthik1gobburu_0-1739867722937.png]

Step 1 - Went to the Public API URL and found the latest SSO certificate:

[Image: karthik1gobburu_1-1739867878945.png]

Step 2 - Went to the Grand ID IDP site and copy-pasted the above in the certificate place.

1 - Please let me know if this is the correct process. Also, do I need to upload or copy-paste the above certificate in the IDP?

2 - If I ask the customer to migrate to IAS, then what is the process, and will the customer be able to use both Grand ID and IAS together?

I am posting this question after asking SAP about this.

SAP has told me that the problem is from the IDP side only.

dyaryura
Contributor

Hi

The correct decision would be to migrate to IAS. There's a whole community about this migration. You can start here to understand the process:

https://help.sap.com/docs/SAP_SUCCESSFACTORS_PLATFORM/568fdf1f14f14fd089a3cd15194d19cc/53aad36ddbf24...

The main community is here, and they schedule calls periodically to answer questions about this migration for customers and partners. Not sure if they still have calls at this point.

https://community.sap.com/t5/product-and-customer-updates/migration-to-sap-cloud-identity-authentica...

The migration is not complex, but you need to evaluate some things depending on the customer landscape, i.e. how many instances you have and how many IAS tenants you need, how you will manage PWD-based access for non-SSO users if you have such a scenario, etc.

IAS in your scenario will probably be used just as a proxy if you want to maintain your IDP. This means that when a user logs in to SF, they will be redirected to IAS first, but IAS will then authenticate the user with your IDP. The SSO users should not see any impact; they are still authenticating with your IDP, but behind the scenes you use IAS as a proxy.

Hope it helps

Diego