Important Note: SAML Certificate Upgrade vs. SHA Upgrades
NOTE: Application SHA updates are not related to or the same as upgrading SAML certificates. This article is only related to Application SHA Updates. If you wish to upgrade the SAML certificate of an Application Instance from SHA1 to SHA256 you may do so today by following the instructions found at this Knowledge Base article.
Application SHA Updates Overview
Okta’s service provides our customers with a secure environment that adheres to leading practices from the Security Industry. Okta has identified several Okta (OAN) SAML applications which leverage SHA1 Digital Signatures and Digest Algorithms as part of the assertion. Okta will be converting these SAML applications to SHA256-based algorithms over the course of the next few months.
This change only impacts the Digital Signature and Digest Algorithms embedded within the SAML assertion. The certificate associated with an Okta tenant and shared with SAML service providers will not change as a function of this application change.
Testing and Implementation
Okta is testing each application prior to moving it into production. However, testing is limited to verifying the SAML assertion contains the correct SHA256 Digest Algorithm and Digital Signature Algorithm. Okta cannot test the end-to-end SAML authentication flow to ensure the Service Provide supports SHA256 Digest Algorithms and/or Digital Signature Algorithms.
SHA256 Application Migration FAQ
If you have further questions regarding the upcoming SHA256 Application migration, please review the following FAQ, or contact Okta Customer Support.
Application Update Schedule
Multiple applications will be updated each week to the new SHA standard.
November 28 - December 2, 2016
December 5-9, 2016
December 12-16, 2016
December 19-23, 2016
January 9-13, 2017
January 16-20, 2017
January 23-27, 2017
January 30 - Feburary 3, 2017