Skip to main content

CertCentral users cannot perform automation tasks

Problem

CertCentral users cannot perform Automation tasks, such as adding a profile, when SAML Single Sign-on (SSO) is set up for their CertCentral account.

Background

When CertCentral users are restricted to SSO only, they cannot create an API key. Automation relies on API keys, called Automation Access Keys,  to interface with CertCentral. Users restricted to SSO only will be unable to perform Automation tasks.

Solution

  1. In the CertCentral left menu, go to Automation > API Keys.

  2. On the API keys page, check to see if the user has an automation access key.

    1. If the user does not have an automation access key, proceed to step 3.

    2. If the user has an automation access key, contact DigiCert Support.

  3. Next, in the CertCentral left menu, go to Account > Users.

  4. On the Users page, in the Name column, select the user's name.

  5. On the user details page, under User access, uncheck Only allow user to log in through SAML/OIDC SSO and select Update user.

  6. Ask the user to sign in to CertCentral without SSO and go to Automation > Manage profiles. When they access Automation, the automation access key will be automatically generated.

    Note

    The user may need to create a password first to sign in to CertCentral.

  7. Have the user sign out of CertCentral.

  8. Go back to the user’s details page, check Only allow user to log in through SAML/OIDC SSO, and select Update user.

You must repeat these steps if the user's Automation Access Key gets revoked.