SAP SuccessFactors What's New Viewer

Application Name and SHA-256 Added to Authorized Service Provider Assertion Consumer Services (ACS) Provisioning Settings

You can now select an application name and indicate that the Assertion Consumer Services (ACS) entry is using the SHA-256 Certificate signing mechanism.

Users with access to the SAP SuccessFactors Provisioning are able to select an Application Name in the dropdown menu and select the checkbox to indicate that the ACS entry is using the SHA-256 Certificate signing mechanism. If the checkbox isn't checked, it indicates that the entry is using SHA-1 by default. It's recommended that all new ACS entries use the SHA-256-based signature, if supported by the downstream applications, for better security. It's also recommended that you select an Application Name and choose the SHA-256 option for the existing ACS entries. In addition, there’s a new download link Download SuccessFactors IdP metadata with SHA-256 Certificate, which allows the user to download the Identity Provider (IdP) metadata.

The change to SHA-256 is needed to provide more security for Assertion Consumer Services (ACS) as SHA-256 offers increased security as compared to SHA-1-based signatures.

The link to the Partner blog contains full details on adopting SHA-256 for existing ACS and new ACS entries for the following downstream applications: SAP Jam, Employee Central Payroll, Onboarding 1.0, Recruiting Posting, Workforce Analytics, and SAP Business Technology Platform. Impact of change from SHA-1 to SHA-256 for Internal ApplicationsInformation published on SAP site

When SAP SuccessFactors Learning integrations are implemented, keep the following considerations in mind:
  • Don't enable or disable the SHA-256 flag for the Learning ACS URL in Provisioning.

  • New SAP SuccessFactors Learning and SAP SuccessFactors platform integrations must be set up to only use SHA-1.

  • When moving a tenant from one pool to another pool, preserve the value of the SHA-256 flag for Learning ACS URL in Provisioning.

What's Changed

In the current version:

  • There's a new download link, Download SuccessFactors IdP metadata with SHA-256 Certificate, which allows the user to download the Identity Provider (IdP) metadata.

  • There’s a new Application Name dropdown menu for the ACS entry.

  • There's a new checkbox to select the SHA-256 Certificate signing option.

In the previous version, these options weren’t available.

Technical Details

Reference Number

PLU-3797

Type

Changed

Configuration Type

Provisioning Opt-in

Lifecycle

General Availability

Module

  • Platform
  • Learning

Feature

Identity Management

Major or Minor

Minor

Link to Demo

Software Version

1H 2021

Valid as Of

2021-05-21

Latest Document Revision

2021-06-18