
Configure single sign-on with SAML

To streamline the process, we recommend keeping two browser tabs open: one for DigiCert® account and another for your Identity Provider (IdP). This setup lets you reference both platforms and complete the configuration without interruptions.

Prerequisites

Before configuring SAML in DigiCert® account:

  • Have administrator access to your company's IdP service, such as Active Directory, Okta, Salesforce, or other user management service.

  • Make sure authentication from your IdP signs the response and the assertion.

  • Have your IdP metadata and SAML certificate.

To enable and configure SSO with SAML

  1. Sign in to your DigiCert® account.

  2. In the DigiCert account menu, go to Accounts icon > Sign-in methods.

  3. Select Single-Sign-On with SAML.

  4. In the Connect DigiCert to your IdP section, upload the DigiCert metadata to your IdP to enable your IdP to communicate with DigiCert for SAML authentication.

    Where do I upload DigiCert metadata in my IdP?

  5. Select Download DigiCert metadata.

  6. In the Connect your IdP to DigiCert section, upload your IdP metadata (including the SAML certificate) to allow DigiCert to communicate with your IdP for SAML authentication.

    Where do I find my IdP metadata?

  7. Once both steps are completed, in the Enable/Disable SSO with SAML section, toggle the button to enable SSO with SAML.

  8. Select Save configuration.

Troubleshooting

To configure SSO with SAML, you'll need to create an application for DigiCert® account in your IdP. While creating this application, you'll need to provide DigiCert's metadata. Once the application is created, you can download the IdP metadata that you'll need to provide to DigiCert® account.

Tip

To perform this action, you must be an admin in your IdP.

  1. Sign in to your Okta Admin dashboard.

  2. Go to Applications > Applications.

  3. Select Create App integration:

    1. Select SAML 2.0 as the Sign-on method.

    2. Select Next.

    3. Enter DigiCert® account as the App name.

    4. Optional: Add a logo to the App logo field.

  4. On the Configure SAML tab, complete the following fields:

    1. Paste the SSO URL from DigiCert account in both of the following fields:

      1. Single sign-on URL

      2. Audience URI (SP Entity ID)

  5. On the Sign On tab, scroll down to the SAML Signing Certificates section.

  6. Select the Actions button next to the active certificate.

  7. Select View IdP Metadata from the drop-down menu.

  8. A new browser tab will open with the metadata.

  9. Right-click anywhere on the page and select Save As or Save Page As.

  10. Choose a location to save the file.

  11. Upload the metadata file in DigiCert® account.

Note

For more information, refer to Okta Help Center.

  1. Sign in to the Microsoft Entra admin center.

  2. In the left-hand navigation menu, navigate to Identity > Applications > Enterprise applications.

  3. Select New application.

  4. From the application's overview, select Single sign-on > SAML from the left-hand menu.

  5. Select the pencil icon next to the Basic SAML configuration section.

  6. Select Upload metadata file from DigiCert® account.

  7. Select Single sign-on from the left-hand menu.

  8. Scroll down to the SAML Signing Certificate section.

  9. Select Download next to Federation Metadata XML.

  10. Upload the metadata file in DigiCert® account.

Note

For more information, refer to Microsoft Learn.

Two-Factor Authentication and SSO with SAML

When 2FA is enabled, DigiCert will prompt you to enter an OTP when signing in, even if you have already provided an OTP to your identity provider (IdP).