
About DigiCert ONE login profile

Note

This feature is available for DigiCert Trust Assistant version 1.2.0 or later.

Certificate profiles whose authentication method is set to DigiCert ONE Login allow users to register using information from your organization’s Identity Provider, and to issue and renew certificates using DigiCert Trust Assistant. Profiles configured with DigiCert ONE Login provide the following capabilities:

  • Create a user on DigiCert ONE from your organization’s Identity Providers via Single sign-on

  • Automatically issue and renew certificates through DigiCert Trust Assistant

  • Use attributes stored in the Identity Provider as certificate information

  • Restrict profile access based on user attributes such as group information stored in the Identity Provider

User creation flow diagram

The diagram below describes the user flow where DigiCert Trust Assistant, DigiCert ONE, and Identity Provider integrate to authenticate and create users for DigiCert Trust Assistant.

[Figure: user creation flow diagram]

  1. The user clicks on the DigiCert ONE Login URL distributed by the administrator. Refer to Deliver DigiCert ONE login URL to users for more details.

  2. The user is redirected to the Trust Lifecycle Manager login page.

  3. The user can download the latest DigiCert Trust Assistant if it has not already been installed on the device.

  4. The user clicks on the Sign-up button to trigger an authentication request through DigiCert Trust Assistant. The user is then redirected to the Account Manager Sign-in page.

  5. The user clicks on Join account to proceed to the user creation page. The user enters their email address (required) and clicks Join account, and is then redirected to the Identity Provider’s sign-in page. Refer to Allow user creation via SSO for more details.

  6. Upon successful sign-in to the configured Identity Provider, the user is redirected back to Account Manager, and a user account is created on the DigiCert ONE user database.

  7. The user is redirected back to DigiCert Trust Assistant, and a Device Certificate is issued. The Device Certificate is used for client authentication, to automate the authentication between DigiCert Trust Assistant and DigiCert ONE. Refer to About Device Certificate for more information.

  8. DigiCert Trust Assistant will start requesting certificates from the Trust Lifecycle Manager at random intervals. Trust Lifecycle Manager will issue a certificate to DigiCert Trust Assistant upon properly identifying the user with the Device Certificate. Refer to Auto enroll and renew certificate for more details.