SAP Knowledge Base Article - Public

2088838 - SSO Certificates/Tokens - How to Update - BizX Platform


  • Process for updating SSO certificate or token
  • How can I get my SAML v2 certificate updated
  • How should I proceed to change our DES/3DES token?
  • Can we configure multiple/rolling IDP signing certificates in SuccessFactors?


SAP SuccessFactors HCM Suite


The process to update a security certificate/token is done in Provisioning. Only Partners and Support have access to Provisioning. The first option to update is to contact your Implementation Partner providing the certificate for them and requesting the change. If you don't have an Implementation Partner, please follow the below process:

  1. Open an incident with Customer Support selecting the component LOD-SF-PLT-CER;
  2. Attach on the incident the new certificate/token in a plain text format or .cert format;
  3. Provide the availability of your IT team or specialist to have a meeting with SuccessFactors to execute a simultaneous replacement of the certificate on both sides.


  • The process usually takes about 30 minutes to install and verify.
  • This meeting will need to be scheduled during regular business hours. We don't update certificates on weekends.
  • Please request the meeting time and we will get back to you with the invitation details
  • Only one IDP signing certificate can be configured in SuccessFactors at one time. It is not possible to add multiple/rolling signing certificates in provisioning.


SSO, SAML2, SAML v2, Signing certificate, Update, expired, expiration, format , KBA , LOD-SF-PLT-CER , SAML Certificate Change , How To


SAP SuccessFactors HCM Suite all versions