Question:
What action needs to be taken for a Vault Signing Certificate update?
Answer:
Here is a summary of the actions that must be taken when a Vault Signing Certificate is updated by Veeva:
- Vault end-users should not have to do anything on their end.
- If there are integrations with Vault that rely on Signing Certificates, please download the new Signing Certificate on the date specified in the related Online Help Documentation.
- Customers should work with their local IT Department and their IdP to ensure that the Signing Certificate is updated properly.
Customers have two options when updating to the new Signing Certificate.
-
Upload the new Signing certificate to the IdP. This option will set up the new certificate in the affected domain going forward.
Step 1: Download New Certificate using the first link in the Related Documentation section below
Step 2: Upload New Certificate to IdP (ADFS example)
-
Revert the SAML profile in Vault to use the Previous Certificate. This option can be performed by a Vault Domain Administrator, without involving the IdP administrator. Note: If this option is used, the Signing Certificate must be switched back to the New Certificate before the Final Rollover Date by performing the steps in Option 1.
NOTE: This primarily applies to users that use an SSO-based login security policy and specific integrations (e.g. TIBCO and Informatica). If a customer vault uses the Basic login security policy, then that vault will not be affected by this change.
Related Documentation:
- Vault Documentation: Vault Help