DigiCert ONE Login - Supplying claims using Okta
You can configure Okta to add claims to the OIDC ID token. This is required for DigiCert ONE Login through DigiCert® Trust Assistant using OIDC. For general configuration tasks, such as configuring single sign-on, creating users, editing user information, and creating groups and adding users to them, refer to the official Okta documentation.
Supply attribute in claim
In Okta, go to Security > API and under the Authorization Servers tab, select the API used for DigiCert One Login.
In the Claims tab, select Add Claim.
In the Add Claim window, create a claim for the user's first name with the following information, and select Create:
Name: first_name
Include in token type: ID Token, Always
Value type: Expression
Value: user.firstName
Add one more claim for the user's last name:
Name: last_name
Include in token type: ID Token, Always
Value type: Expression
Value: user.lastName
(Optional) To include additional user information in the certificate issued to the user, you must add those attributes to the ID token as well. Add the claims in the same manner as above.
Supply group in claim
In Okta, go to Security > API and under the Authorization Servers tab, select the API used for DigiCert One Login.
In the Claims tab, select Add Claim.
In the Add Claim window, enter or select the following information, and select Create:
Name: groups
Include in token type: ID Token, Always
Value type: Groups
Filter: Matches regex, .* (this releases every group the user belongs to into the ID token; use a narrower regex if only specific groups should be sent to DigiCert ONE)
Check ID token
You can preview the ID Token in the Token Preview tab. Ensure that you select:
Grant type: Authorization Code
Scopes: openid
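After previewing the token in Okta, it is useful to verify the same thing on the token your client actually receives. The following is an added example, not DigiCert or Okta code: it decodes the payload of an ID token offline and reports which of the claims configured above (first_name, last_name, groups) are missing or have the wrong shape. The token it inspects is a constructed sample with a dummy signature and an assumed issuer and client ID; the script does not verify the signature, so in production always validate the JWS against the authorization server's JWKS before trusting any claim.

```python
"""
Offline structural check of an Okta ID token for the claims DigiCert ONE Login expects.
Added example, not DigiCert or Okta code. Inspects the payload only and does NOT
verify the signature; verify against the authorization server's JWKS in production.
"""
import base64
import json

# Claims configured on this page: Expression claims (strings) and the Groups claim (list).
REQUIRED_STRING_CLAIMS = ("first_name", "last_name")
REQUIRED_LIST_CLAIMS = ("groups",)


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def b64url_encode(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JSON segment (for the constructed sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def decode_payload(id_token: str) -> dict:
    """Return the JWT payload (second dot-separated segment) as a dict, UNVERIFIED."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID token must have three segments: header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def missing_claims(payload: dict) -> list:
    """List claims that are absent or of the wrong shape for DigiCert ONE Login."""
    problems = []
    for name in REQUIRED_STRING_CLAIMS:
        value = payload.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(name)
    for name in REQUIRED_LIST_CLAIMS:
        value = payload.get(name)
        if not isinstance(value, list) or not all(isinstance(g, str) for g in value):
            problems.append(name)
    return problems


def build_sample_token(payload: dict) -> str:
    """Build a constructed token with a dummy signature, for offline testing only."""
    header = {"alg": "RS256", "kid": "sample-kid"}  # constructed header
    return f"{b64url_encode(header)}.{b64url_encode(payload)}.dummysignature"


# Constructed payload matching the Okta claim configuration described on this page.
GOOD_PAYLOAD = {
    "sub": "00u1exampleuser",                          # constructed
    "iss": "https://example.okta.com/oauth2/default",  # assumed issuer
    "aud": "0oa1exampleclient",                        # assumed client ID
    "first_name": "Ada",
    "last_name": "Lovelace",
    "groups": ["Everyone", "DigiCert-Users"],
}
# Same payload, but the groups claim was misconfigured as a single string instead of a list.
BAD_PAYLOAD = dict(GOOD_PAYLOAD, groups="Everyone")

if __name__ == "__main__":
    for label, payload in (("good", GOOD_PAYLOAD), ("bad", BAD_PAYLOAD)):
        token = build_sample_token(payload)
        print(label, "missing/malformed claims:", missing_claims(decode_payload(token)))
```

Run the script as-is to see both the correctly configured sample and the misconfigured one; replace the constructed token with a real ID token captured from your client (Authorization Code flow, openid scope) to check a live configuration, keeping in mind that this check says nothing about whether the token is authentic.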
Additional references
The following are links to official guides on Okta with more details about the process explained above.
Note
DigiCert provides these third-party URLs for your convenience. While we aim to link to reputable sources, we are not responsible for the content or availability of these external sites.