Configure SAML SSO between DigiCert and Google Workspace
Use this procedure to configure single sign-on (SSO) between your DigiCert® account and Google Workspace using Security Assertion Markup Language (SAML) 2.0.
To set up this sign in method, you need to switch between two tabs, DigiCert and Google Workspace, to exchange metadata.
For more details about Google Workspace configuration, refer to Google Workspace.
Before you begin
To finish this setup, you need administrative access in both DigiCert and Google Workspace:
Account admin user group required in DigiCert account.
Application Administrator or equivalent role required in Google Workspace.
Access DigiCert's SAML configuration page:
In DigiCert® account, select the Accounts icon > sign in methods.
Select Single sign-on with SAML.
Leave this tab open.
In another tab, create a SAML application for your DigiCert account:
Sign in to the Google Admin console.
In the left pane, navigate to Apps > Web and mobile apps.
In the App name field, enter DigiCert account.
In the Description field, enter a custom description.
Example: DigiCert's single login experience
In the App icon field, upload the DigiCert icon.
Select Continue.
In the Download IdP metadata section, select Download metadata.
Select Continue.
Leave this tab open.
Back in your DigiCert® account tab, upload the metadata file that you downloaded in Step 2 and copy the SSO URL.
In the Connect your IdP to DigiCert section, select Upload IdP metadata.
In the Connect DigiCert to your IdP section, copy the SSO URL.
In the Enable/Disable SSO with SAML section, switch to enable SSO.
Select Save configuration.
Back in your Google Workspace tab, enter the SSO URL that you copied from DigiCert® account in Step 3, and finish the remaining fields.
Enter the SSO URL in both of these fields:
ACS URL
Entity ID
In the Name ID format field, select Email.
In the Name ID field, keep the default Basic information > Primary email.
Select Continue.
In the Attributes section, select Add mapping.
Below the Google Directory attributes field, select Primary email.
Below the App attributes field, type email.
Select Finish.
Ensure that all users in your DigiCert® account are assigned to the SAML application in Google Admin console:
Go to Apps > Web and mobile apps.
Select the DigiCert app you created.
In the User access section, select View details.
In the Organizational units section, select the group you want to assign.
In the Service status field, select the radio button next to On.
Select Save.
Tip
Need help? Create a Organizational Unit in Google Workspace.
Verify that you’re able to sign in using your SAML application from Google Admin console:
Go to Apps > Web and mobile apps.
Select the DigiCert app you created.
On the DigiCert app overview, select TEST SAML LOGIN.
In the Can't test SAML login modal, select Allow access.
In the Service status field, select the radio button next to ON for everyone.
Select Save.
Return to the DigiCert app overview, select TEST SAML LOGIN.
Tip
Your SAML app is configured correctly if you’re redirected to your DigiCert account and asked to finish two-factor authentication (2FA).
Not redirected to the 2FA page in your DigiCert account? Compare your SAML app settings to these instructions or contact DigiCert Support for assistance.
DigiCert logos
Use of DigiCert's logo must at all times comply with DigiCert brand guidelines, including the DigiCert Trademark Usage Guidelines available at https://www.digicert.com/legal-repository/ (as updated from time to time).
DigiCert logos for SSO configuration.