Skip to main content

Create SAML IdP applications in Azure AD portal

You need SAML IdP metadata to configure your certificate profile in DigiCert​​®​​ Trust Lifecycle Manager. If you have already created a SAML IdP application on your Azure portal, skip this process.

To create a SAML IdP application in your Azure AD portal and download the metadata:

  1. Log in to your Azure account as an administrator.

  2. Navigate to Enterprise applications .

  3. Select New application > Create your own application.

  4. Give your application a name.

  5. Select Create.

    Your new application is created, and you are on the Home > Overview page for it.

  6. Under Getting Started, open the Assign users and groups link on the Assign users and groups card.

  7. Select Add user/group, and create a test user or group for the app.

  8. Select your new test user or group, and click Assign.

  9. Navigate back to the Home > Overview page of your app using the breadcrumbs at the top of the page.

  10. Under Getting Started, open the Get started link on the Set up single sign-on card.

  11. Select the SAML card to configure your SAML application.

  12. Select Upload metadata file and upload the SAML SP metadata file that you downloaded after creating the DigiCert ONE TLM profile.

  13. Navigate to the uploaded metadata file and select Add.

  14. Select No, I’ll test later.

  15. Under Attributes & Claims, select the pencil icon to edit.

  16. Review and make sure the Subject DN and SAN fields in your TLM profile are mapped to these Claim names in your Azure app.

    Warning

    To avoid parsing issues, update the main Unique User Identifier (Name ID) claim to use user.mail as the source attribute. By default, it uses "user.userprincipalname".

  17. Under SAML Signing Certificate, click Edit.

  18. Next to the Signing Option field, select Sign SAML response and assertion from the drop-down.

  19. Select Save.

  20. Under SAML Signing Certificate, Download the Federation Metadata XML. This is the SAML IdP metadata needed to configure your certificate profile in Trust Lifecycle Manager.

When you have the metadata, complete configuration of your certificate profile.