New Identity Connect Release Available for TLS Compatibility
|Knowledge Article Number||000233784|
What is the change and impact?
Starting in June 2016, Salesforce will begin disabling the TLS 1.0 encryption protocol in a phased approach across our services to support security best practices. The disablement of TLS 1.0 will prevent it from being used to access the Salesforce service within inbound and outbound connections.
As Identity Connect uses the TLS encryption protocol to connect to Salesforce, the disablement of TLS 1.0 will impact the provisioning capabilities of Identity Connect. Customers who do not upgrade to Identity Connect version 2.1.0 prior to the TLS 1.0 disablement will be unable to propagate any user account or entitlement changes from Active Directory to Salesforce, including user creation and disablement. Please note that user authentication for existing users will not be impacted.
What action do I need to take?
To prepare for this change, you will need to upgrade your existing version of Identity Connect to 2.1.0 or higher prior to the Salesforce disablement of TLS 1.0 for production orgs in March 2017.
The upgrade should be performed during off-peak hours, as the service will be unavailable during the upgrade. A backup of your current install is recommended prior to performing the upgrade to ensure the ability to perform a rollback if needed. Additionally, the upgrade will require an update to Java 8 on all servers hosting Identity Connect.
The newest version for either a Windows or Linux system can be downloaded from Setup | Security Controls | Identity Connect within Salesforce. Customers should review section 2.6, “Upgrading an Identity Connect instance”, within the Implementation Guide for more details on how to upgrade.
Test the TLS compatibility with Identity Connect version 2.1.0 using the TLS 1.0 Disablement Critical Update Console (CRUC) setting in a sandbox environment before testing it in your production org. See the TLS 1.0 Disablement Critical Update Console (CRUC) Setting article for more details.
Where can I get more information?
Review the articles and resources linked above for more information.
For additional questions, open a case with Support via the Help & Training portal.