Configure the self-service portal
Self-service portal settings are available from the Account > Settings > Self-service portal page in DigiCert® Trust Lifecycle Manager.
Enable self-service portal access
Follow these steps to enable the open and/or authenticated self-service portals.
Before you begin
The Trust Lifecycle Manager Self-service portal feature must be enabled for your account. Contact your DigiCert account representative to verify or enable this feature.
To configure the self-service portal settings, you need the SSP Manager user role for Trust Lifecycle Manager or a custom user role that includes the
SSP Portal configpermission. To learn more, see Users and access.
From the Trust Lifecycle Manager main menu, select Account > Settings > Self-service portal.
If the self-service portal has not previously been enabled for your account, you see a basic overview page about this feature. Select the Start configuring button to proceed with configuring the self-service portal.
If one of the portals was previously enabled, you see the details page instead. Select the edit (pencil) icon to update the configuration.
In the Open portal tab, make sure the Enable open portal option is selected.
Under Discovery/Imported certificates, select whether to include visibility of certificates that were discovered or imported into Trust Lifecycle Manager. If you enable this option, also select whether to allow users to request revocation of these certificates from the open portal.
The Portal-enabled certificate profiles section lists applicable certificate profiles with the Enable self-service portal option enabled. Certificates issued from these profiles are always visible from the open portal.
The Allowed operations column shows which operations are allowed for each certificate profile from the open portal. You can manage the allowed operations from either the self-service portal settings or the profile configuration wizard.
Use the edit (pencil) icon to update the allowed operations for certificates issued from a particular profile. To allow users to request revocation of certificates from the open portal, enable the Revocation operation for that certificate profile.
Select the Save button at the bottom of the screen to save your changes.
On the details page, copy the Portal URL and/or QR code for the open portal. Provide these to end users so they can access the open portal with the options you configured.
From the Trust Lifecycle Manager main menu, select Account > Settings > Self-service portal.
If the self-service portal has not previously been enabled for your account, you see a basic overview page about this feature. Select the Start configuring button to proceed with configuring the self-service portal.
If one of the portals was previously enabled, you see the details page instead. Select the edit (pencil) icon to update the configuration.
In the Authenticated portal tab, make sure the Enable authenticated portal option is selected.
Add the details about your SAML identity provider (IdP) in the SAML authentication section. Trust Lifecycle Manager uses these parameters to authenticate users who attempt to access the self-service portal.
You can configure your SAML IdP details in one of two ways:
Dynamic configuration (recommended): Download the XML metadata file from your SAML IdP and use it to dynamically configure the self-service portal by uploading the XML file into the designated area, verifying the parsed values, and making changes if needed.
Manual configuration: Manually enter the IdP parameters including the single sign-on authentication URL,
Issuerfield identifier, and IdP certificate.
Signing options: Select the types of SAML messages Trust Lifecycle Manager should sign with its own certificate when communicating with the SAML IdP.
Aviso
Trust Lifecycle Manager acts as the SAML service provider (SP) when authenticating self-service portal users. Refer to your IdP's documentation to determine which signing options your IdP supports and expects from the SP.
Discovery/Imported certificates: Select whether to include visibility of certificates that were discovered or imported into Trust Lifecycle Manager. If you enable this option, also select which self-service operations users are allowed to perform on these certificates from the authenticated portal.
Manage tab visibility: Select whether or not to include the following tabs/sections in the authenticated portal:
Certificate requests: Allows end users to enroll new certificates from profiles enabled for self-service access.
Manage requests: Allows end users to manage enrollments and download new certificates requested through the self-service portal.
Aviso
You can safely disable these tabs if none of your certificate profiles have the Enable self-service portal option enabled, or if you want to prevent users from enrolling new certificates from the self-service portal.
The Portal-enabled certificate profiles section lists applicable certificate profiles with the Enable self-service portal option enabled. Certificates issued from these profiles are always visible from the authenticated portal.
The Allowed operations column shows which operations are allowed for each certificate profile from the authenticated portal. You can manage the allowed operations from either the self-service portal settings or the profile configuration wizard.
Use the edit (pencil) icon to update the allowed operations for certificates issued from a particular profile.
The Attributes column allows you to define one or more SAML attributes for profiles that use
Manual ApprovalorSAML IdPauthentication. These attributes determine which profiles users can view when initiating the certificate enrollment process on the Certificate requests page of the Self-Service Portal. If multiple attribute values are defined, they are evaluated using OR conditions. The key–value pairs defined in the Self-Service Portal against a profile must match the corresponding attribute key–value pairs received in the SAML response from the Identity Provider (IdP). This mapping ensures that users can access only those profiles that correspond to their SAML attributes.
Select the Save button at the bottom of the screen to save your changes.
On the details page, copy the Portal URL and/or QR code for the authenticated portal. Provide these to end users so they can access the authenticated portal with the options you configured.
Disable or re-enable portal access
Edit the self-service portal settings to disable or re-enable access to either the open or authenticated portal:
From the Trust Lifecycle Manager main menu, select Account > Settings > Self-service portal.
Select the edit (pencil) icon on the right.
Deselect the Enable open portal or Enable authenticated portal option to disable it, or select this option to re-enable access.
Select the Save button to apply the changes.
Verify the self-service portal configuration
To verify the portal details, select Account > Settings > Self-service portal from the Trust Lifecycle Manager main menu.
Use the Open portal and Authentication portal tabs to check the current settings for the two portal types:
The Enabled field shows whether each portal type is enabled or not.
If enabled, the display shows the Portal URL and QR code used to access that portal, along with the current configuration options for it.
The profiles table at bottom lists applicable certificate profiles with the self-service portal enabled. For the authenticated portal, the Enrollment URL column shows the URL for enrolling new certificates from the profile (if the enrollment operation is allowed). The enrollment URL is also shown on the profile details page.
Add branding to the self-service portal
Go to Account > Settings > Branding to configure custom branding for the self-service portal.
To learn more, see Branding.
What's next
To learn more about how the self-service portal works from the end user's perspective, see Web self-service options.