SAML enrollment flow
This diagram illustrates the high-level SAML enrollment process for both SP-initiated and IdP-initiated flows:
Note
DigiCert® Trust Lifecycle Manager caches the SAML authenticated sessions for up to 30 minutes. After 30 minutes, users will be forced to re-authenticate against their SAML IdP.
The SAML session key is treated as unique, which prevents a malicious user from replaying the same SAML response.
All SAML IdP assertions and responses must be digitally signed.
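As an added example (not DigiCert's code), this Python sketch of the service-provider side enforces the three rules in the note above: Response and Assertion must both carry a signature, an assertion may be consumed only once, and the resulting session expires after 30 minutes. The class and function names are hypothetical, the SAML response is constructed, and XML-DSig verification is assumed to be done by a separate library (only signature presence is checked here).

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SESSION_TTL = timedelta(minutes=30)  # cached SAML session lifetime stated in the note

class SamlSessionStore:  # hypothetical SP-side state
    def __init__(self):
        self.seen_ids = {}  # consumed assertion ID -> when its replay record may be dropped
        self.sessions = {}  # session key -> expiry time

    def consume(self, response_xml, now):
        root = ET.fromstring(response_xml)
        assertion = root.find("saml:Assertion", NS)
        if assertion is None:
            raise ValueError("response carries no Assertion")
        # Rule: Response and Assertion must both be signed. Only presence is checked;
        # XML-DSig verification is assumed to be done by a dedicated library.
        if root.find("ds:Signature", NS) is None or assertion.find("ds:Signature", NS) is None:
            raise ValueError("Response and Assertion must both be signed")
        # Rule: an assertion ID is consumed exactly once; presenting it again is a replay.
        # Replay records are kept for the session lifetime (constructed policy).
        self.seen_ids = {i: t for i, t in self.seen_ids.items() if t > now}
        aid = assertion.get("ID")
        if not aid or aid in self.seen_ids:
            raise ValueError("assertion ID missing or already consumed (replay)")
        self.seen_ids[aid] = now + SESSION_TTL
        # Rule: fresh, unguessable session key, valid for 30 minutes, then re-authenticate.
        key = secrets.token_urlsafe(32)
        self.sessions[key] = now + SESSION_TTL
        return key

    def is_session_valid(self, key, now):
        expiry = self.sessions.get(key)
        return expiry is not None and now < expiry

def rejection_reason(store, response_xml, now):
    """None if the response is accepted, otherwise why it was refused."""
    try:
        store.consume(response_xml, now)
        return None
    except ValueError as exc:
        return str(exc)

# Constructed sample; the empty ds:Signature elements stand in for real signatures.
SAMPLE_RESPONSE = """<samlp:Response ID="_r1" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature/><saml:Assertion ID="_a1"><ds:Signature/><saml:Subject>
 <saml:NameID>alice@example.com</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>"""
```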
Before you begin, you need:
Issuing CA
Business unit
Certificate profile