
Configure SAML SSO between DigiCert and Okta

Use this procedure to configure single sign-on (SSO) between your DigiCert® account and Okta using Security Assertion Markup Language (SAML) 2.0.

To set up this sign-in method, you need to switch between two browser tabs, one for DigiCert and one for Okta, to exchange metadata.

For more details about Okta configuration, refer to Okta Help Center.

Before you begin

To finish this setup, you need administrative access in both DigiCert and Okta:

  • Account admin user group required in DigiCert account.

  • Application Administrator or equivalent role required in Okta.

Step 1. Access DigiCert's SAML configuration page and copy the SSO URL:

  1. In your DigiCert® account, select the Accounts icon > sign in methods.

  2. Select Single sign-on with SAML.

  3. In the Connect DigiCert to your IdP section, copy the SSO URL.

  4. Leave this tab open.

Step 2. In another tab, create a SAML application for your DigiCert account in Okta:

  1. Sign in to your Okta admin dashboard.

  2. Go to Applications > Applications.

  3. Select Create App integration:

    1. Select SAML 2.0 as the Sign-on method.

    2. Select Next.

    3. Enter DigiCert® account as the App name.

    4. Optional: Add a logo to the App logo field.

      Need a DigiCert logo?

  4. On the Configure SAML tab, finish the following fields:

    1. Enter the SSO URL that you copied in Step 1 into both of the following fields:

      1. Single sign-on URL

      2. Audience URI (SP Entity ID)

  5. In the Name ID Format field, select Email address.

  6. In the Application username field, select Email.

  7. Select Next.

  8. Select Finish.

  9. Create the Okta metadata file that you need to provide to DigiCert in Step 3:

    1. Select the Sign On tab > View SAML setup instructions.

    2. In the Optional section, copy the IdP metadata.

    3. Enter the IdP metadata into a notepad and save the file in .xml format.

  10. Leave this tab open.

Step 3. Back in your DigiCert® account tab, upload the Okta metadata that you created in Step 2 and enable SSO:

  1. In the Connect your IdP to DigiCert section, select Upload metadata.

  2. In the Enable/Disable SSO with SAML section, switch to enable SSO.

  3. Select Save configuration.

Step 4. Ensure that all users in your DigiCert account are assigned to the SAML application in the Okta Admin dashboard:

  1. Go to Applications > Applications.

  2. Select the DigiCert account app that you created.

  3. Select the Assignments tab.

  4. Select Assign > Assign People.

  5. Next to the user's name, select Assign.

  6. Select Save and Go Back.

  7. Select Done.

Step 5. Verify that you’re able to sign in using your SAML application from the Okta Admin dashboard:

  1. Select ∷ > My end user dashboard.

  2. Select the DigiCert account app that you created.

    Tip

    • Your SAML app is configured correctly if you’re redirected to your DigiCert account and asked to finish two-factor authentication (2FA).

    • Not redirected to the 2FA page in your DigiCert account? Compare your SAML app settings to these instructions or contact DigiCert Support for assistance.

DigiCert logos

Use of DigiCert's logo must at all times comply with DigiCert brand guidelines, including the DigiCert Trademark Usage Guidelines available at https://www.digicert.com/legal-repository/ (as updated from time to time).

DigiCert_White_on_Blue_Logo.png
DigiCert_Blue_on_White_Logo.png

DigiCert logos for SSO configuration.