Configure your identity provider for SAML SSO
After you download the DigiCert® Private CA service provider metadata, configure a SAML 2.0 application in your identity provider.
The exact steps depend on your identity provider.
Supported configuration values
Use these values from DigiCert Private CA when configuring your identity provider.
Identity provider setting | DigiCert Private CA value |
|---|---|
Entity ID, Audience URI, or Client ID | SP Entity ID |
Reply URL, ACS URL, or Single Sign-On URL | Assertion Consumer Service URL |
Logout URL or SLO URL | Single Logout URL |
NameID format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
Configure Okta for SAML SSO
Configure Okta as the SAML identity provider for DigiCert Private CA.
Before you begin
Download the DigiCert Private CA service provider metadata or copy the service provider endpoint values.
To configure Okta:
In the Okta Admin Console, go to Applications.
Select Create App Integration.
Select SAML 2.0.
Set Single Sign-On URL to the DigiCert Private CA ACS URL.
Set Audience URI to the DigiCert Private CA SP Entity ID.
Add the following attribute statements.
Attribute
Value
emailUser email address
firstNameUser first name
lastNameUser last name
Assign the application to the required users or groups.
Download the identity provider metadata XML from the Sign On tab.
Upload the metadata XML in DigiCert Private CA.
Configure Microsoft Entra ID for SAML SSO
Configure Microsoft Entra ID as the SAML identity provider for DigiCert Private CA.
Before you begin
Download the Private CA service provider metadata or copy the service provider endpoint values.
To configure Microsoft Entra ID:
In Microsoft Entra ID, go to Enterprise applications.
Create a new non-gallery application.
Configure Single sign-on using SAML.
In Basic SAML Configuration, set Identifier (Entity ID) to the DigiCert Private CA SP Entity ID.
Set Reply URL (ACS URL) to the DigiCert Private CA ACS URL.
Configure attributes and claims for:
emailfirstNamelastName
Download the federation metadata XML.
Upload the metadata XML in DigiCert Private CA.
Configure Keycloak for SAML SSO
Configure Keycloak as the SAML identity provider for DigiCert Private CA.
Before you begin
Download the DigiCert Private CA service provider metadata or copy the service provider endpoint values.
To configure Keycloak:
Create a new SAML client.
Set Client ID to the DigiCert Private CA SP Entity ID.
Set Valid Redirect URIs to the DigiCert Private CA ACS URL.
Configure mappers for:
emailfirstNamelastName
Export the identity provider metadata from Realm Settings > SAML 2.0 Identity Provider Metadata.
Upload the metadata XML in DigiCert Private CA.