Upgrading from SHA-1 Directory to a SHA-256 setup

Employee

Recently Adobe released a new feature that lets you upgrade to a SHA-256 configuration in the Admin console.

First question that I always get asked: How can I tell if I don't already have a SHA-256 setup?

Great question! As of November 14th 2019 any directories created at this point in the Admin console would automatically be SHA-256. So chances are, if you are looking to renew your cert or want to move to this new setup, you are going to want to do one of two options. For those of you who have certs expiring this year, please open a ticket with the appropriate Client Care teams, so the teams can see what setup you have and whether it's something where we can simply update the cert in the Admin console or whether it's going to need to involve moving you manually to the SHA-256 setup. We do have a feature coming to automate this, but for those of you who are in the Pilot program we will want to do this manually.

Here is how this works:

1. You create a new directory. I like to label them as <domain.com> SHA-256 Directory so I can see that this is the new one. We can go back and relabel this later.

This is going to create the new integration, and it's going to give you our brand new XML file up front. Download this file. Pass it to your IDP team and ask them to "Clone" your IDP setup, which they may or may not need you to file paperwork for; if they do and you need help, let me know. Give them our new XML file; this is going to have all our new details.

2. Get the IDP team's new XML file and bring it back to the Admin console. Upload this file. This makes it so we have the Directory in place.

3. When you determine you have a safe window to do so, here is where things get a little crazy. We are going to use the Domain transfer functionality described here:

Set up user identity in the Adobe Admin Console

You simply go to Domains, select the Directory, and then move said domain to the newly created Directory labeled <domain.com> SHA-256 Directory. This can take some time. What this is going to do is move the domains AND the users, so if you have a ton of users, understand this is going to take some time. For those of you who are "trusting" your domains, please reach out to support before you attempt this yourself. But for those of you who just have a single Cloud, this will get you up and running on the new setup.

Hope this helps!

Kerry Nelson
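
A way to check the XML files exchanged in steps 1 and 2 before the domain move, added here as an example (it is not part of the original post and not Adobe tooling). It assumes the files are standard SAML 2.0 metadata carrying ds:X509Certificate elements and that the SHA-1 versus SHA-256 difference shows up in each certificate's signature algorithm; all function names are hypothetical and the sample "certificate" is a constructed DER stub.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace used in SAML metadata
# DER contents of the two RSA signature-algorithm OIDs of interest.
SIG_OIDS = {
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def cert_signature_algorithm(der):
    """Name the outer signatureAlgorithm of a DER-encoded X.509 certificate."""
    _, cert_start, _ = read_tlv(der, 0)           # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, cert_start)     # step over tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)      # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = bytes(der[oid_start:oid_end])
    return SIG_OIDS.get(oid, "other:" + oid.hex())

def audit_metadata(xml_text):
    """List the signature algorithm of every certificate in a metadata file."""
    root = ET.fromstring(xml_text)
    return [cert_signature_algorithm(base64.b64decode(el.text))
            for el in root.iter(DS + "X509Certificate")]

def sample_metadata(oid_hex):
    """Constructed metadata; the 'certificate' is a DER stub, not a real cert."""
    stub = bytes.fromhex("30143000300d0609" + oid_hex + "0500030100")
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"'
            ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
            ' entityID="https://sp.example.invalid"><md:SPSSODescriptor>'
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            '<ds:X509Certificate>' + base64.b64encode(stub).decode() +
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            '</md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    print("old directory:", audit_metadata(sample_metadata("2a864886f70d010105")))
    print("new directory:", audit_metadata(sample_metadata("2a864886f70d01010b")))
```

To use it on real files, pass the text of the downloaded metadata XML to audit_metadata(); any sha1WithRSAEncryption entry in the result means that file still carries a SHA-1 signed certificate.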
