The following actions must be taken to ensure access to Agiloft service remains and applies to both Production and Training environments.
The Digital Signature Certificate for the domain *.agiloft.com that is used in the keystore of Agiloft hosted servers will expire on December 22, 2023.
As such, the keystore will be updated with a new certificate on Saturday, December 16, 2023 (Saturday). Agiloft will be updating the keystore with a new certificate on December, 16, 2023, within the server maintenance window starting 2am PST. Estimated completion time for the work is 90 minutes.
Please share this information with your IT representative to action on or by December 16, 2023.
Potential Impact
If you connect to Agiloft using SAML SSO through a 3rd party Identity provider (like ADFS, OKTA, etc), you will need to add the new certificate to your application’s keystore on December 16th.
If you do not, you will no longer be able to connect to Agiloft using SSO until you import the new certificate. Note that some SAML providers like ADFS may allow you to import the new certificate as an add-on to the existing certificate for the same trusting party. In such a case you may import the new certificate ahead of the change on Agiloft’s side.
Please note that Agiloft don’t encrypt their SAML requests, however if you do encrypt the SAML responses using their public key, then you would need to wait until December 16 before replacing the encryption key.
As an alternative, replacing the certificate can be done the next business day if your business does not require SSO access over the weekend of the 16th.
You can download the certificate directly from Agiloft at this location. For instructions on how to install the new certificate for different Identity providers is available here.
Comments
Please sign in to leave a comment.