Skip to main content

Configure single sign-on with SAML

To streamline the process, we recommend keeping two browser tabs open: one for )DigiCert​​®​​ account and another for your Identity Provider (IdP). This setup allows you to easily reference both platforms and complete the configuration without interruptions.

Prerequisites

Before configuring SAML in DigiCert​​®​​ account:

  • Have administrator access to your company's IdP service, such as Active Directory, Okta, Salesforce, or other user management service.

  • Make sure authentication from your IdP signs the response and the assertion.

  • Have your IdP metadata and SAML certificate.

To enable and configure SSO with SAML

  1. Sign in to your DigiCert® account.

  2. In the DigiCert account menu, go to Accounts icon > Sign-in methods.

  3. Select Single-Sign-On with SAML.

  4. In the Connect DigiCert to your IdP section, upload the DigiCert metadata to your IdP to enable your IdP to communicate with DigiCert for SAML authentication.

    Where do I upload DigiCert metadata in my IdP?

  5. Select Download DigiCert metadata.

  6. In the Connect your IdP to DigiCert section, upload your IdP metadata (including the SAML certificate) to allow DigiCert to communicate with your IdP for SAML authentication.

    Where do I find my IdP metadata?

  7. Once both steps are completed, in the Enable/Disable SSO with SAML section, toggle to enable SSO with SAML.

  8. Select Save configuration.

Troubleshooting

To configure SSO with SAML, you'll need to create DigiCert​​®​​ account an application in your IdP. During the process of creating this application, you'll need to provide DigiCert's metadata. Once the application is created, you can download your IdP metadata that you'll need to provide to DigiCert​​®​​ account.

Tip

To perform this action, you must be an admin in your IdP.

Create SAML application in Okta

  1. Sign in to your Okta Admin dashboard

  2. Go to Applications > Applications.

  3. Select Create App integration:

    1. Select SAML 2.0 as the Sign-on method.

    2. Select Next.

    3. Enter DigiCert​​®​​ account as the App name.

    4. Optional: Add a logo to the App logo field.

  4. Switch to your DigiCert​​®​​ account tab:

    1. Copy the SSO URL.

      SAML_connect_DigiCert_to_your_IdP.png

  5. Switch to your Entra tab:

    1. On the Configure SAML tab, complete the following fields:

      1. Paste the SSO URL from DigiCert account in both of the following fields:

        1. Single sign-on URL

        2. Audience URI (SP Entity ID)

      2. In the Name ID Format field, select Email address.

      3. In the Application username field, select Email.

  6. Select Next.

  7. Select Finish.

  8. On the Sign On tab, select View SAML setup instructions.

  9. In the Optional section, copy the IdP metadata.

  10. Paste the IdP metadata into a notepad and save the file in .xml format.

  11. Switch to your DigiCert​​®​​ account tab:

    1. In the Connect your IdP to DigiCert section, select Upload metadata.

      SAML_connect_IdP_to_DigiCert.png

    2. In the Enable/Disable SSO with SAML section, toggle to enable SSO.

      Enable_SSO.jpg

    3. Select Save configuration.

Note

For more information, refer to Okta Help Center.

Create SAML application in Microsoft Entra ID

  1. Sign in to the Microsoft Entra admin center.

  2. In the left-hand navigation menu, navigate to Microsoft Entra ID > Manage > Enterprise applications.

  3. Select New application.

  4. In the Search application field, enter DigiCert.

  5. Select the application for DigiCert, Inc.

  6. Optional: If you have multiple DigiCert SAML applications, in the Name field, change the name to DigiCert account.

  7. Select Create.

  8. Select the DigiCert account application you just created.

  9. From the application's overview, select Assign users and groups.

    1. This list displays users already assigned to the application.

    2. To add additional users, select +Add user/group.

  10. From the application's overview, in the left hand menu, select Manage > Single sign-on.

    1. In the SAML Certificates section, select Download next to Federation Metadata XML.

  11. Switch to your DigiCert​​®​​ account tab:

    1. In the Connect your IdP to DigiCert section, select Upload metadata.

      SAML_connect_IdP_to_DigiCert.png

    2. In the Connect DigiCert to your IdP section, select Download DigiCert metadata.

      SAML_connect_DigiCert_to_your_IdP.png

    3. In the Enable/Disable SSO with SAML section, toggle to enable SSO.

      Enable_SSO.jpg

    4. Select Save configuration.

  12. Switch to your Entra tab:

    1. Select Upload metadata file.

Note

For more information, refer to Microsoft Learn.

Create SAML application in Google Workspace

  1. Sign in to the Google Admin console.

  2. In the left-hand navigation menu, navigate to Apps > Web and mobile apps.

  3. In the App name field, enter DigiCert account.

  4. In the Description field, enter a custom description.

    Example: DigiCert's single login experience

  5. In the App icon field, upload the DigiCert icon.

  6. Select Continue.

  7. In the Download IdP metadata section, select Download metadata.

  8. Select Continue.

  9. Switch to your DigiCert​​®​​ account tab:

    1. In the Connect your IdP to DigiCert section, select Upload metadata.

      SAML_connect_IdP_to_DigiCert.png

    2. In the Connect DigiCert to your IdP section, copy the SSO URL.

      SAML_connect_DigiCert_to_your_IdP.png

    3. In the Enable/Disable SSO with SAML section, toggle to enable SSO.

      Enable_SSO.jpg

    4. Select Save configuration.

  10. Switch to your Google Workspace tab:

    1. Paste SSO URL in both of these fields:

      1. ACS URL

      2. Entity URL

  11. In the Name ID format field, select Email.

  12. In the Name ID field, keep the default Basic information > Primary email.

  13. Select Continue.

  14. In the Attributes section, select Add mapping.

    1. Below the Google Directory attributes field, select Primary email.

    2. Below the App attributes field, type email.

  15. Select Finish.

Note

For more information, refer to Google Workspace.

Two-Factor Authentication and SSO with SAML

When 2FA is enabled, DigiCert will prompt you to enter an OTP when signing in, even if you have already provided an OTP to your identity provider (IdP).

In this section: