Skip to main content

Configure SAML SSO for DigiCert Private CA

Configure DigiCert Private CA in a customer-hosted environment to use your organization’s identity provider for SAML single sign-on.

Before you begin

Review the following topics:

  • SAML SSO prerequisites and required attributes

  • Service provider endpoints for SAML SSO

You need access to the local superadmin account for your DigiCert Private CA instance.

Configure SAML SSO

  1. Sign in to the Private CA as the local superadmin user.

  2. In the left navigation menu, select Settings > SAML SSO.

  3. Turn on Enable SSO sign-in.

  4. Select Download DigiCert metadata.

  5. In your identity provider, create or configure a SAML 2.0 application for DigiCert Private CA. Use the DigiCert Private CA service provider metadata or manually enter the service provider endpoints.

  6. In your identity provider, configure the required SAML attributes:

    • email

    • firstName

    • lastName

  7. Download the identity provider metadata XML from your identity provider.

  8. In the Private CA, upload the identity provider metadata XML.

  9. Select Save.

Next step

After you save the SAML configuration, validate SSO sign-in and logout.