SHA Application Update Schedule Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka0f0000000u8a6kak&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fsha-application-update-schedule
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
SHA Application Update Schedule
Published: Oct 18, 2016   -   Updated: Jun 22, 2018

Important Note: SAML Certificate Upgrade vs. SHA Upgrades

NOTE:  Application SHA updates are not related to or the same as upgrading SAML certificates.  This article is only related to Application SHA Updates. If you wish to upgrade the SAML certificate of an Application Instance from SHA1 to SHA256 you may do so today by following the instructions found at this Knowledge Base article.  
Click here for the section of the article with instructions specifically for SHA Upgrades.

Application SHA Updates Overview

Okta’s service provides our customers with a secure environment that adheres to leading practices from the Security Industry. Okta has identified several Okta (OAN) SAML applications which leverage SHA1 Digital Signatures and Digest Algorithms as part of the assertion.  Okta will be converting these SAML applications to SHA256-based algorithms over the course of the next few months. 

This change only impacts the Digital Signature and Digest Algorithms embedded within the SAML assertion.  The certificate associated with an Okta tenant and shared with SAML service providers will not change as a function of this application change.  

PLEASE NOTE:  The expected schedule is listed below, however it is possible some things may change periodically.  This article will receive weekly updates of any changes that may arise.    

Testing and Implementation

Okta is testing each application prior to moving it into production.  However, testing is limited to verifying the SAML assertion contains the correct SHA256 Digest Algorithm and Digital Signature Algorithm.  Okta cannot test the end-to-end SAML authentication flow to ensure the Service Provide supports SHA256 Digest Algorithms and/or Digital Signature Algorithms.  
In cases where the Service Provider does not support SHA256 Digest Algorithm and/or Digital Signature Algorithms, the SAML assertion will fail and you will need to contact Okta Customer Support to revert the SAML application change.

SHA256 Application Migration FAQ

If you have further questions regarding the upcoming SHA256 Application migration, please review the following FAQ, or contact Okta Customer Support.

Application Update Schedule

Multiple applications will be updated each week to the new SHA standard.  

Applications which have *asterisks* are applications which did not transitioned as originally scheduled.  A table has been added to the bottom of this article for applications that did not follow the original schedule plan.

Below is the full list of applications scheduled to be updated by Friday of each week:

November 28 - December 2, 2016

Application Name    

workforcesoftware
*surveymonkey*
*skillsoft_skillport*
*espensewatch*
*namely*

city_lighting
benefit_focus
*elogiclearning*
taleo_enterprise
*benetrac*
teachscape
Cherwell
*mindtouch_saml*
silkroadredcarpetsaml
webdam
*igloo*
aspera
birst
*rypple*
*huddle*

December 5-9, 2016

Application Name

sumtotal_systems
blackboard
trello_saml
*halogensaml*
*reflektive*
*jamasoftware*
officespacesoftware
*sumtotal_learningmaestro*
exacttarget
hostanalytics
brainstormquickhelp
*facebook_at_work*
*quandora*
*securingthehuman*

tangoe
replicon
eventboardsaml
ringcentral_saml
cotap (Zinc)
getabstract

December 12-16, 2016

Application Name

*adobe_cq*
*quip*
*versionone*

*postini*
syncplicity
attask
lyndacom
*crashplanpro*
*openair*

egencia
wombat
lucidchart
*accellion*
silkroad
15five
*jenkins*

December 19-23, 2016

Application Name

*generic_saml*
*smartsheet*
*jobvite*

peoplefluent
*samanage*
*sumologic*
*github_enterprise*
*tableau*
*cornerstone*
*ultipro*

 

January 9-13, 2017

Application Name

*topdesk*
*tinfoilsecurity*

yourcause
zoho
zoomforth
aclgrcsaml
ancile_ualign
corpedia
culturewizard
cvent
daptiv
*docebo*
getthere
introhive
*kaseya_saml*
mycomplianceofficesaml
*peoplehr*
*portalfcmtravel*
*saleshood_saml*

January 16-20, 2017

Application Name

schoolzilla
talentwise_saml
towers_watson_case_management
yourcausesaml
benefitsolversaml
bibamessenger
brightfundssaml
centraldesktop
dishnetwork_infocenter
*emarketer_saml*
everbridgemanager
ibm_gers
intuitquickbase
knowbe4
prounlimited
rdlogic
*socialcast*
*sumtotal_mylearn*
volunteermatch

January 23-27, 2017

Application Name

whitehatsecurity_saml
zohosaml
absorblms
bswift
*bullhorn*
changepoint
*dynamic_signal*
eloqua
*geolearning*
leankit
sapnetweaversaml
*saucelabs*
selectica
*aribacontractmanagement*
ciscocommonidentity
corcentric
novatus
*policytech*
qvidian

 

January 30 - Feburary 3, 2017

Application Name

titanfile
*aviso_saml*
cloudmine
*panorama9*
callidus
datacastle
intralinks
ipassopenmobile
joomla
lockpathkeylight
snowflake
socialtext
springcm
gooddata
proofpoint
widencollective
boomi_saml
highq
intuitquickbase_subdomain
bonusly



Table of App Changes:

 

App NameOriginal Week on ScheduleReason for Change
surveymonkey28-Nov-16Additional testing required, may be upgraded at a later date
huddle28-Nov-16Additional testing required, may be upgraded at a later date
igloo28-Nov-16Does not support SHA256, will not be upgraded
skillsoft_skillport28-Nov-16Does not support SHA256, will not be upgraded
expensewatch28-Nov-16Does not support SHA256, will not be upgraded
elogiclearning28-Nov-16Does not support SHA256, will not be upgraded
benetrac28-Nov-16Customer tested.  Does not support SHA256, will not be upgraded.  Rolled back to SHA1
 rypple28-Nov-16Scheduled to be removed from OAN, will not be upgraded
namely28-Nov-16Verified by testing, migrated early
mindtouch_saml28-Nov-16Verified by testing, migrated early
facebook_at_work5-Dec-16Verified by testing, migrated early
quandora5-Dec-16Verified by testing, migrated early
securingthehuman5-Dec-16Does not support SHA256, will not be upgraded
jamasoftware5-Dec-16Does not support SHA256, will not be upgraded
sumtotal_learningmaestro5-Dec-16Customer tested.  Does not support SHA256, will not be upgraded.  Rolled back to SHA1
reflektive5-Dec-16Additional testing required, may be upgraded at a later date
halogensaml5-Dec-16Additional testing required, may be upgraded at a later date
jenkins12-Dec-16Additional testing required, may be upgraded at a later date
accellion12-Dec-16Does not support SHA256, will not be upgraded
openair12-Dec-16Does not support SHA256, will not be upgraded
adobe_cq12-Dec-16Verified by testing, migrated early
crashplanpro12-Dec-16Verified by testing, migrated early
quip12-Dec-16Verified by testing, migrated early
versionone12-Dec-16Verified by testing, migrated early
postini12-Dec-16Retired, will not be migrated
github_enterprise19-Dec-16Additional testing required, may be upgraded at a later date
tableau19-Dec-16Additional testing required, may be upgraded at a later date
cornerstone19-Dec-16Additional testing required, may be upgraded at a later date
ultipro19-Dec-16Additional testing required, may be upgraded at a later date
samange19-Dec-16Additional testing required, may be upgraded at a later date
jobvite19-Dec-16Verified by testing, migrated early
generic_saml19-Dec-16Does not support SHA256, will not be upgraded
sumologic19-Dec-16Verified by testing, migrated early
smartsheet19-Dec-16Verified by testing, migrated early
topdesk9-Jan-17Does not support SHA256, will not be upgraded
tinfoilsecurity9-Jan-17Verified by testing, migrated early
saleshood_saml9-Jan-17Verified by testing, migrated early
docebo9-Jan-17Verified by testing, migrated early
Kaseya_saml9-Jan-17Does not support SHA256, will not be upgraded
Peoplehr9-Jan-17Additional testing required, may be upgraded at a later date
Portalfcmtravel9-Jan-17Additional testing required, may be upgraded at a later date
emarketer_saml16-Jan-17Additional testing required, may be upgraded at a later date
sumtotal_mylearn16-Jan-17Additional testing required.  Does not support SHA256
socialcast16-Jan-17Additional testing required, may be upgraded at a later date
dynamicsignal23-Jan-17Verified by testing, migrated early
bullhorn23-Jan-17Additional testing required, may be upgraded at a later date
geolearning23-Jan-17Additional testing required, may be upgraded at a later date
saucelabs23-Jan-17Additional testing required, may be upgraded at a later date
aribacontractmanagement23-Jan-17Additional testing required, may be upgraded at a later date
policytech23-Jan-17Additional testing required, may be upgraded at a later date
aviso_saml30-Jan-17Verified by testing, migrated early
panorama930-Jan-17Verified by testing, migrated early
sharefile Does not support SHA256, will not be upgraded
Tenrox Does not support SHA256, will not be upgraded
Qualys Does not support SHA256, will not be upgraded
pathgather Verified by testing, migrated early
youcausesaml Verified by testing, migrated early
Insert Row Before