
Allow user creation via SSO

The single sign-on (SSO) user creation feature in DigiCert ONE simplifies the process of adding users to your account. Instead of manually entering user details and selecting user roles, you can enable users from specific email domains to join your account using their SSO credentials. Each user who joins this way is assigned a default user role, which the DigiCert ONE system administrator can update if required. This ensures a secure and efficient onboarding process.

Note

This workflow is currently only supported in Document Trust Manager and Trust Lifecycle Manager.

Prerequisites

User creation via SSO can only be configured if all of these prerequisites are met:

  • An SSO sign-in method (SAML or OIDC) is enabled.

  • The account is licensed to use either Document Trust Manager or Trust Lifecycle Manager.

Specify allowed email domains

Enter one or more email domains to allow for user creation via SSO. Users with email addresses from these domains can join this account after successful SSO authentication.

Note

Only a system administrator with the Manage account permission can add or remove allowed email domains.

  • For accounts hosted by DigiCert, contact your account manager to enable this feature.

  • For self-hosted accounts, contact the system administrator within your organization to enable this feature by following the steps below.

To specify allowed email domains for user creation via SSO:

  1. Sign in to DigiCert ONE.

  2. Navigate to: Manager menu (top-right) > Account.

  3. In the left navigation menu, select Accounts.

  4. On the Accounts page, select the Name of the account.

  5. On the Account details page, in the Allow user creation via SSO section, enter one or more domains.

    Note

    This field is displayed only if all the prerequisites mentioned above have been met.
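
Before entering domains in step 5, it can help to normalize the candidate list and check how a domain allowlist decision should behave for lookalike addresses. The following is an added example, not DigiCert ONE code: the function names and sample addresses are hypothetical, and exact, case-insensitive matching on the domain part is an assumption, because this page does not state how DigiCert ONE compares domains.

```python
# Added example, not DigiCert ONE code. Exact, case-insensitive matching on the
# domain after the last "@" is an assumption; the page does not state the rule.

def normalize_domain(domain: str) -> str:
    """Lowercase, trim, drop a trailing dot, and convert IDNs to ASCII form."""
    d = domain.strip().rstrip(".").lower()
    if not d or any(c in d for c in "@*/ \t"):
        raise ValueError(f"not a plain domain name: {domain!r}")
    try:
        d = d.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"invalid domain: {domain!r}") from exc
    if "." not in d:
        raise ValueError(f"not a fully qualified domain: {domain!r}")
    return d

def clean_allowlist(entries):
    """Return (accepted, rejected): normalized unique domains and bad entries."""
    accepted, rejected = [], []
    for entry in entries:
        try:
            d = normalize_domain(entry)
        except ValueError:
            rejected.append(entry)
            continue
        if d not in accepted:
            accepted.append(d)
    return accepted, rejected

def may_join(email: str, allowed_domains) -> bool:
    """True only if the email's domain equals an allowed domain exactly."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local:
        return False
    try:
        candidate = normalize_domain(domain)
    except ValueError:
        return False
    # Set membership, never substring or suffix tests: those would accept
    # "notexample.com" or "example.com.attacker.test" for "example.com".
    return candidate in set(clean_allowlist(allowed_domains)[0])

# Constructed sample allowlist (reserved example domains).
ALLOWED = ["Example.com", "corp.example.org."]

if __name__ == "__main__":
    for addr in ("alice@example.com", "eve@example.com.attacker.test"):
        print(addr, may_join(addr, ALLOWED))
```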