DigiCert ONE Platform

This version of DigiCert ONE Clients introduced a localized user interface. Users can now change the language using the Language selection menu in the application settings.

Previously, DigiCert ONE​​ Clients defaulted to the most recent client authentication certificate from the certificate store. Users could not select an alternative certificate for authentication. With this update, DigiCert ONE​​ Clients displays a list of available certificates if more than one is present in the store, allowing users to choose the appropriate certificate for authentication.

30 days before your credentials expire, a pop-up appears with the message: "Your credentials expire in 30 days". Select Refresh configuration to generate and replace the expiring credentials to ensure uninterrupted service. If you select Remind me later, the pop-up will continue to appear until you refresh your credentials.

We identified and fixed an issue where the View EM rule permission in Trust Lifecycle Manager was not being displayed as expected.

We improved the performance of loading and displaying account information.

As part of ongoing improvements to DigiCert ONE​​ Clients, we have made minor improvements and bug fixes to limit errors, improve usability, and security.

We fixed an issue where updates to the account name in DigiCert account were not reflected in the linked DigiCert ONE account. Account names now stay in sync across both platforms.

As part of ongoing improvements to Account Manager and the DigiCert ONE platform, we have made minor improvements and bug fixes to limit errors, improve usability, and security.

We fixed an issue that prevented users from changing the language on the login page.

We resolved performance issues affecting user creation workflows.

The “Reset user credentials” option is now hidden for users who haven't completed their initial credential and 2FA setup. Instead, Admins will now see Resend invitation email or Delete user for pending accounts.

We resolved a performance issue that caused a 7–8 second delay when creating users. User creation now occurs instantly, as expected.

We fixed an issue where password guidelines were not appearing during password setup. Guidelines now display correctly.

As part of ongoing improvements to Account Manager and the DigiCert ONE platform, we have made minor improvements and bug fixes to limit errors, improve usability, and security.

We added support for updating a user's "First name" and "Last name" via the PATCH method in the Account API.

Example patch:

curl --location --request PATCH 'https://dcone.cluster.local/account/api/v1/user/629139f6-0bb2-4264-a67b-20405174bf69' \
--header 'CLIENT_SECRET: 24c9f208-4b16-4ab6-88d5-f403b2b48fca' \
--header 'CLIENT_ID: document_signing_cli' \
--header 'Content-Type: application/json' \
--header 'Cookie: XSRF-TOKEN=0cf462a3-cee1-435e-8e28-e2303460fcdd' \
--data '{ 
    "op": "replace", 
    "path": "/phone" 
    "value": "+917847945213" 
}'

We introduced a new permission category in Trust Lifecycle Manager called Policy Rules. This category includes the following permissions:

We added Policy rule permissions to the following user roles:

We removed browser autocomplete suggestions for the One-Time Passcode (OTP) field on the DigiCert​​®​​ account sign-in page.

As part of ongoing improvements to DigiCert​​®​​ account platform, we have made minor improvements and bug fixes to limit errors, improve usability, and security.

We fixed an issue where usernames containing special characters were incorrectly displayed on the password entry page. Previously, special characters were replaced with spaces, resulting in failed logins due to incorrect credentials.

We fixed an issue where KeyLocker users were incorrectly assigned Software Trust Manager roles instead of the appropriate KeyLocker user roles.

We resolved an issue where system users were unable to update licenses in Device Trust Manager.

We fixed a localization issue where the DTM signer user role was translated incorrectly into Dutch.

As part of ongoing improvements to Account Manager and the DigiCert ONE platform, we have made minor improvements and bug fixes to limit errors, improve usability, and security.

Added Valid and Expired tags to the SAML configuration details to help users quickly identify certificate status. Additionally, a warning message now appears on the Sign-in methods page when the SAML certificate is expired, prompting users to upload a new one.

Previously, only account admins could view users within the account. Now, account users can also view the user list. This is helpful when users need to identify an admin to complete specific actions.

As of May 1, 2025, the release notes URL has changed. The link to the release notes in DigiCert​​®​​ account has been updated to reflect the new location.

We fixed inconsistent error messages in the create user API when the user_name field contains a space. The API now consistently returns the correct message:

"Enter a valid user name. Letters, numbers, and these special characters allowed: - . , # & @ + ! * ? _ ",
"field": "user_name"

We fixed an issue where the timeout page displayed a technical error message: linking.error.Title.Expired JWS token instead of notifying the user that their session had timed out. The page now clearly instructs users to refresh their browser and sign back in.

We resolved an issue where the update account API accepted a past date as the service end date but failed to save it to the audit log. The API now validates the date correctly and logs changes as expected.

We fixed an issue in Trust Lifecycle Manager where users from different organizations within the same account were incorrectly listed when assigning admins to a business unit. Only users from the relevant organization are now displayed.

DigiCert accounts now support client certificate authentication as a form of two-factor authentication. When client certificate authentication is enabled as a 2FA method, the user will be redirected in the sign-in workflow to generate and install their client authentication certificate in their browser.

We fixed an issue where users signing in with SSO for the first time were not shown the Service Level Agreement (SLA) dialog after setting up OTP. Instead, they were redirected back to the login screen. This flow now works as expected.

We updated the Link your DigiCert services email template to clarify that action is only required if your account has more than one DigiCert service, based on user feedback.

We resolved an issue where some users saw a non-progressing spinner after entering their username and clicking Next, preventing them from reaching the password page.

Previously, changing your DigiCert ONE environment required manual edits to the config.json file. With version 1.1.0, you can now select your preferred production environment directly within the app interface. To select or change a production environment:

To change to a demo environment, you still need to update the config file, refer to Switch your environment for more information.

In earlier versions, an Account Manager user role was necessary to access account details, licensing information, and user permissions. With version 1.1.0, this requirement has been removed.

Depending on your DigiCert ONE services, you only need one or more of the following:

When you sign in to your account using SSO with OIDC, if your Identity Provider (IdP) enforces two-factor authentication (2FA), DigiCert now recognizes the 2FA confirmation from your IdP. This prevents DigiCert from prompting for 2FA again, even if it is enabled on your account. This behavior is also recorded in the audit logs.

The Update user API now returns the services assigned to a user, enabling updates to both user details and service assignments.

To provide more granular control, the following new permissions have been added to Document Trust Manager:

The system now correctly blocks the creation of users with duplicate usernames.

We resolved an issue where clicking Create user caused the system to hang and allow the user to click the button multiple times, creating duplicate user accounts.

We fixed a bug that prevented account migration when a user's first or last name contained Japanese characters.

We adjusted font sizes across the interface for a more consistent user experience.

We have improved translations across the platform. This includes updated text on pages where Applied filter and Clear all appear at the top of tables, along with other minor translation corrections to enhance consistency and clarity.

We resolved an issue where an organization with multiple accounts could only add a company domain for the Onboard user via SSO flow to one account. The same domain can now be added to multiple accounts within the same organization.

We have improved translations across the platform. This includes updated text on pages where Applied filter and Clear all appear at the top of tables, along with other minor translation corrections to enhance consistency and clarity.

We refreshed the DigiCert account interface to improve usability and workflow efficiency. Instead of navigating away, a contextual side rail (drawer) will open on the right-hand side when you:

To enhance your support experience, DigiCert support agents can now:

As an account admin, you now have greater control and visibility. You can:

As an account user, you can now better understand and manage your account. You can:

Resolved an issue where CertCentral transitioned to a DigiCert​​®​​ account and then purchased DigiCert​​®​​ KeyLocker were incorrectly prompted to enter their DigiCert ONE password to access DigiCert​​®​​ KeyLocker. Since the accounts are linked, this prompt should not have appeared.

Fixed a bug where users who signed in using methods other than username/password and 2FA (e.g., SSO) were locked out after entering an incorrect OTP five times. Admins were not shown the option to unlock these users. This option is now visible and functional.

Fixed an issue where users signing in with SSO (OIDC) and 2FA were redirected to the DigiCert ONE sign-in page after their 2FA was reset and they clicked the link in the email. These users will now be correctly redirected to the 2FA setup page after completing IDP authentication.

Resolved an issue where users received a federatedAccountError when admins tried to change the user role of an account-scope user assigned to multiple accounts, where at least one account had been transitioned to a DigiCert account.

DigiCert​​®​​ account improved two-factor authentication (2FA) by adding support for one-time passcodes (OTP) via email. Previously, you could only authenticate using an authenticator app. Now during sign-in, when 2FA is enabled, users can choose to receive an OTP through either an authenticator app or email to sign in.

DigiCert ONE now supports both POST and REDIRECT bindings, ensuring broader compatibility with different Identity Providers.

CA Manager:

Trust Lifecycle Manager:

Added the View SSP Portal Config permission.

Device Trust Manager:

Fixed an issue where the Allow user creation via SSO section was missing the field to add new domain names. The field now appears correctly.

Fixed an issue where searches failed when an organization name filter contained the special character "&" in the Users tab.