Skip to main content

Create certificate profiles for SAML IdP authentication

Available certificate templates

Use one of the following base templates to create certificate profiles in DigiCert​​®​​ Trust Lifecycle Manager for SAML IdP authentication.

Create a certificate profile

To create a certificate profile for SAML IdP authentication in DigiCert​​®​​ Trust Lifecycle Manager:

  1. From the Trust Lifecycle Manager main menu, select Policies > Certificate profiles.

  2. Select the Create profile from template action at the top of the page.

  3. Select one of the templates from the above table as the basis for creating the certificate profile.. This example uses the Generic User Certificate template.

  4. On the Primary options page:

    1. Create a name for the profile.

    2. Select the appropriate business unit and the issuing CA.

    3. Select an enrollment method. In this example, we use DigiCert Trust Assistant with the "Operating System KeyStore" option.

    4. Select SAML IdP as the authentication method.

    5. Select Next.

  5. On the Certificate options page:

    1. Set the validity period of the certificate, the required key type and size, the signing algorithm, the renewal window, and the required certificate fields, for example the common name and email address.

    2. Select the appropriate source for the field (SAML Assertion, Entered by User).

      When you select SAML Assertion as the source field, make sure to enter the SAML attribute name that your SAML IdP provider will use to populate the certificate field.

    3. Select Next.

  6. Configure the required certificate Extensions.

    1. Key usages

    2. Extended key usages

    3. Select Next.

  7. Configure Additional options.

    1. The certificate's delivery format

    2. Email configuration and notifications

    3. LDAP search

    4. Contact details. The details appear on the end-user enrollment pages. This info allows end users to contact the team that can support them with SAML enrollment issues.

    5. Select Next.

  8. Configure Advanced settings.

    1. The Seat Id Mapping certificate field is used to uniquely identify user requests and binds them to your seat.

    2. Use your SAML IdP configuration data here. In the Configure SAML IdP section, upload your SAML IdP Metadata file.

      Otherwise, enter temp data to save the profile. For example:

      • Identity Provider URL: http://temp.com

      • Identity Provider Issuer: temp

      • Identity Provider Single Logout URL (optional): https://temp.logout.com

      • Identity Provider Certificate: temp

    3. Select Create to save the profile configuration. You are then redirected to the Profile details page.

  9. On the Profile details page, scroll down and select the Advanced settings section. In that section, select Download SP Metadata to download the DigiCert SAML metadata file.

Anmerkung

For Okta, the Single Sign On URL, Audience Restriction, and Default RelayState values are used.

The SAML Service Provider (SP) metadata file and certificate are not required, although other SAML IdP vendors do require the configuration data in such formats.

When you have a profile for SAML IdP authentication, Create your Okta SAML application.