About DigiCert ONE login profile
Note
This feature is available for DigiCert® Trust Assistant version 1.2.0 or later.
Certificate profiles configured with the Authentication method as DigiCert ONE Login allow users to register using information from your organization’s Identity Provider and to issue and renew certificates using DigiCert Trust Assistant. The following describes the capabilities of profiles configured with DigiCert ONE Login:
Create a user on DigiCert ONE from your organization’s Identity Providers via Single sign-on
Automatically issue and renew certificates through DigiCert Trust Assistant
Use attributes stored in the Identity Provider as certificate information
Restrict profile access based on user attributes such as "group" information stored in the Identity Provider
User creation flow diagram
The diagram below describes the user flow where DigiCert Trust Assistant, DigiCert ONE, and Identity Provider integrate to authenticate and create users for DigiCert Trust Assistant.

The user selects the DigiCert ONE Login URL provided by the administrator. See Deliver DigiCert ONE login URL to users for more details.
The system redirects the user to the Trust Lifecycle Manager login page.
The user downloads and installs the latest DigiCert Trust Assistant if it is not already installed on the device.
The user selects the Sign-up button to trigger an authentication request through DigiCert Trust Assistant. The system redirects the user to the Identity Provider’s sign-in page.
A dialog may appear requesting permission to access the local network. If prompted, the user selects Allow. This permission is required because the browser communicates with DigiCert Trust Assistant through a local port.
The user enters credentials to sign in to the configured Identity Provider.
Upon successful sign-in to the configured Identity Provider, the system redirects the user to Account Manager, and creates a user account in the DigiCert ONE user database.
The system redirects the user back to DigiCert Trust Assistant, and issues a Device Certificate for client authentication between DigiCert Trust Assistant and DigiCert ONE. See About Device Certificate for more information about Device Certificate.
DigiCert Trust Assistant automatically requests certificates from Trust Lifecycle Manager at random intervals. Trust Lifecycle Manager issues a certificate to DigiCert Trust Assistant upon properly identifying the user with the Device Certificate. See Auto enroll and renew certificate for more details.