SAP Knowledge Base Article - Public

2088838 - SSO Certificates / Tokens - How to Update - BizX Platform


  • Process for updating SSO certificate or token
  • How can I get my SAML v2 certificate updated
  • I'll need to renew our SSO x.509 cert soon.
  • How should I proceed to change our DES/3DES token?
  • My x509 certificate will be expiring on xx/xx/xx. How do I provide the new certificate and get it added to my instance?
  • Can we configure multiple / rolling IDP signing certificates in SuccessFactors?


  • SAP SuccessFactors HCM Suite
  • BizX Platform
  • Single Sign On (SSO)


The procedure to update a security certificate or token is as follows:

  1. Open a Support case through
  2. Attach the new certificate / token in a plain text format or .cert format 
  3. Provide some times that your IT team or specialist is available to have a meeting with SuccessFactors to execute a simultaneous replacement of the certificate on both sides.
    • Please note that this process usually takes about 30 minutes to install and verify.
    • This meeting will need to be scheduled during regular business hours. We don't update certificates on weekends/ Friday night.
    • Please request the meeting time and we will get back to you with the invitation details.

Note: Only one IDP signing certificate can be configured in SuccessFactors at any one time. It is not possible to add multiple / rolling signing certificates in provisioning.


SSO, SAML2, SAML v2, Signing certificate, Update, expired, expiration, format , KBA , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-PLT-SSO , Single Sign-on , How To


SAP SuccessFactors HCM Suite all versions