
SAML enrollment flow

This diagram illustrates the high-level SAML enrollment process for both SP-initiated and IdP-initiated flows:

[Diagram: samlenrollwf.png, SAML enrollment workflow]

Note

  • DigiCert® Trust Lifecycle Manager caches the SAML authenticated sessions for up to 30 minutes. After 30 minutes, users will be forced to re-authenticate against their SAML IdP.

  • The SAML session key is treated as unique, which prevents a malicious user from replaying the same SAML response.

  • All SAML IdP assertions and responses must be digitally signed.
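The three notes above describe policy checks a service provider applies to every inbound SAML response: a 30-minute session cache, one-time use of each response, and mandatory signatures. The following Python example, added here and not DigiCert code, models those checks on a constructed response skeleton. It assumes the assertion ID serves as the session key, and it delegates the actual XML-DSig verification to a caller-supplied `verify_signature` callback (for instance one wrapping python-xmlsec); the example only enforces that a Signature element is present on both the Response and the Assertion and that the callback accepts it.

```python
"""Policy checks for inbound SAML responses: required signatures, replay
rejection, and a 30-minute authenticated-session cache.

Constructed example; not DigiCert code. Cryptographic XML-DSig verification is
delegated to a caller-supplied callback (e.g. one wrapping python-xmlsec)."""
import time
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"

SESSION_TTL_SECONDS = 30 * 60  # cache SAML sessions for at most 30 minutes


class SamlPolicyError(Exception):
    """Raised when a response violates the enrollment policy."""


class SamlSessionCache:
    def __init__(self, verify_signature, now=time.time, ttl=SESSION_TTL_SECONDS):
        self._verify = verify_signature  # callback(element) -> bool; real XML-DSig check lives here
        self._now = now                  # injectable clock so expiry can be tested
        self._ttl = ttl
        self._seen_ids = set()           # Response/Assertion IDs already consumed
        self._sessions = {}              # session key -> expiry timestamp

    def accept_response(self, xml_text):
        """Validate a SAML Response and open a session; returns the session key."""
        root = ET.fromstring(xml_text)
        if root.tag != f"{{{SAMLP}}}Response":
            raise SamlPolicyError("not a samlp:Response")
        assertion = root.find(f"{{{SAML}}}Assertion")
        if assertion is None:
            raise SamlPolicyError("Response carries no Assertion")

        # Policy: both the Response and the Assertion must be digitally signed.
        for elem, name in ((root, "Response"), (assertion, "Assertion")):
            if elem.find(f"{{{DS}}}Signature") is None:
                raise SamlPolicyError(f"{name} is not signed")
            if not self._verify(elem):
                raise SamlPolicyError(f"{name} signature did not verify")

        # Policy: each ID may be consumed once; a replayed response is rejected.
        ids = (root.get("ID"), assertion.get("ID"))
        if not all(ids):
            raise SamlPolicyError("Response and Assertion must carry ID attributes")
        if any(i in self._seen_ids for i in ids):
            raise SamlPolicyError("replayed SAML response")
        self._seen_ids.update(ids)

        # Assumption: the assertion ID doubles as the session key.
        session_key = assertion.get("ID")
        self._sessions[session_key] = self._now() + self._ttl
        return session_key

    def session_is_valid(self, session_key):
        """True while the cached session is younger than the TTL; expired entries are evicted."""
        expiry = self._sessions.get(session_key)
        if expiry is None:
            return False
        if self._now() >= expiry:
            del self._sessions[session_key]  # user must re-authenticate at the IdP
            return False
        return True


def sample_response(response_id="_r1", assertion_id="_a1", signed=True):
    """Constructed SAML Response skeleton (not a real IdP message)."""
    sig = f'<ds:Signature xmlns:ds="{DS}"/>' if signed else ""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{response_id}" Version="2.0">'
        f"{sig}"
        f'<saml:Assertion ID="{assertion_id}" Version="2.0">{sig}'
        f"<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>"
        f"</saml:Assertion></samlp:Response>"
    )


def demo():
    """Walk through accept, replay rejection, unsigned rejection, and 30-minute expiry."""
    clock = [1_000_000.0]
    cache = SamlSessionCache(verify_signature=lambda elem: True, now=lambda: clock[0])
    key = cache.accept_response(sample_response())
    results = {"fresh": cache.session_is_valid(key)}
    try:
        cache.accept_response(sample_response())  # same IDs again -> replay
        results["replay_rejected"] = False
    except SamlPolicyError:
        results["replay_rejected"] = True
    try:
        cache.accept_response(sample_response("_r2", "_a2", signed=False))
        results["unsigned_rejected"] = False
    except SamlPolicyError:
        results["unsigned_rejected"] = True
    clock[0] += 30 * 60  # 30 minutes later
    results["expired"] = not cache.session_is_valid(key)
    return results


if __name__ == "__main__":
    print(demo())
```

The replay set is kept in memory for the life of the process here; a production service provider would persist consumed IDs at least until the assertion's validity window closes, and would back the session cache with shared storage so that every node enforces the same 30-minute limit.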

Before you begin, you need:

  • Issuing CA

  • Business unit

  • Certificate profile