Configure single sign-on with SAML
To streamline the process, we recommend keeping two browser tabs open: one for )DigiCert® account and another for your Identity Provider (IdP). This setup allows you to easily reference both platforms and complete the configuration without interruptions.
Prerequisites
Before configuring SAML in DigiCert® account:
Have administrator access to your company's IdP service, such as Active Directory, Okta, Salesforce, or other user management service.
Make sure authentication from your IdP signs the response and the assertion.
Have your IdP metadata and SAML certificate.
To enable and configure SSO with SAML
Sign in to your DigiCert® account.
In the DigiCert account menu, go to Accounts icon > Sign-in methods.
Select Single-Sign-On with SAML.
In the Connect your IdP to DigiCert section, upload your IdP metadata (including the SAML certificate) to allow DigiCert to communicate with your IdP for SAML authentication.
Select Download DigiCert metadata.
In the Connect DigiCert to your IdP section, upload the DigiCert metadata to your IdP to enable your IdP to communicate with DigiCert for SAML authentication.
Once both steps are completed, in the Enable/Disable SSO with SAML section, toggle the button to enable SSO with SAML.
Select Save configuration.
Troubleshooting
Sign in to your Okta Admin dashboard
Go to Applications > Applications.
Select Create App integration:
Select SAML 2.0 as the Sign-on method.
Select Next.
Enter DigiCert® account as the App name.
Optional: Add a logo to the App logo field.
On the Configure SAML tab, complete the following fields:
Paste the SSO URL from DigiCert account in to the Single sign-on URL field.
Paste the value at the end of the SSO URL in the Audience URI (SP Entity ID) field.
On the Sign On tab, scroll down to the SAML Signing Certificates section.
Select the Actions button next to the active certificate.
Select View IDP Metadata from the drop-down menu.
A new browser tab will open with the metadata.
A new browser tab will open with the metadata. Right-click anywhere on the page and select Save As or Save Page As.
Choose a location: to save the file.
Upload the metadata file in DigiCert® account.
Anmerkung
For more information, refer to Okta Help Center.
Sign in to the Microsoft Entra admin center.
In the left-hand navigation menu, navigate to Identity > Applications > Enterprise applications.
Select New application.
From the application's overview, select Single sign-on > SAML from the left-hand menu.
Select the pencil icon next to the Basic SAML configuration section.
Select Upload metadata file from DigiCert® account.
Select Single sign-on from the left-hand menu.
Scroll down to the SAML Signing Certificate section.
Select Download next to Federation Metadata XML.
Upload the metadata file in DigiCert® account.
Anmerkung
For more information, refer to Microsoft Learn.
Sign in to the PingOne admin console.
Navigate to Applications > Integration > SP Connections.
Select Create Connection.
On the Connection Template tab, select Do not use a template for this connection.
Select Next.
On the Connection Type tab, select the Browser SSO Profiles checkbox.
In the Protocol list, select SAML 2.0.
Select Next.
On the Connection Options tab, leave the Browser SSO checkbox selected.
Select Next.
On the Import Metadata tab, import DigiCert metadata, or insert the SSO URL.
Select Next.
On the General Info tab, provide DigiCert® account in the Connection Name field.
Select Next.
On the Connection tab, select Download PingOne Metadata.
Upload the metadata file in DigiCert® account.
Anmerkung
For more information, refer to Ping Identity.
Two-Factor Authentication and SSO with SAML
When 2FA is enabled, DigiCert will prompt you to enter an OTP when signing in, even if you have already provided an OTP to your identity provider (IdP).