Discovery troubleshooting

Discovery notifications not working for CertCentral users

Problem

Discovery notifications are not working for CertCentral users when SAML Single Sign-on (SSO) is set up for their CertCentral account.

Background

When CertCentral users are restricted to SSO only, they cannot create an API key. Discovery relies on API keys, called Discovery Access Keys, to interface with CertCentral. For users limited to SSO only, Discovery notifications will not work.

Solution

  1. In the CertCentral left menu, go to Automation > API Keys.

  2. On the API Keys page, check to see if the user has a Discovery Access Key.

    1. If the user does not have a Discovery Access Key, proceed to step 3.

    2. If the user has a Discovery Access Key, contact DigiCert Support.

  3. Next, in the CertCentral left menu, go to Account > Users.

  4. On the Users page, in the Name column, select the user's name.

  5. On the user details page, under User access, uncheck Only allow user to log in through SAML/OIDC SSO and select Update user.

  6. Ask the user to sign in to CertCentral without SSO and go to Discovery > Manage Discovery. When they access Discovery, the Discovery Access Key will be automatically generated.

    Note

    The user may need to create a password first to sign in to CertCentral.

  7. Have the user sign out of CertCentral.

  8. Go back to the user’s details page, check Only allow user to log in through SAML/OIDC SSO, and select Update user.

You must repeat these steps if the user's Discovery Access Key gets revoked.