Follow these steps to enable single sign-on (SSO) with OpenID Connect (OIDC) in your DigiCert® account. If another sign-in method is also enabled, users can choose which method to use.
Before configuring OIDC in DigiCert® account:
Have administrator access to your company's identity provider (IDP) service, such as PingOne or Okta.
Register DigiCert® account as an OIDC application with your identity provider (IDP).
Configure your IDP to send a preferred_username claim in the ID token.
Tip
To learn how to register applications for OIDC and configure claims, refer to the documentation for your IDP.
Sign in to your DigiCert account.
In the left menu, select Accounts > Sign-in methods.
Select Single-Sign-On with OIDC.
In the Connect your IdP to DigiCert section, enter the following values from your IdP to allow DigiCert to communicate with your IdP for OIDC authentication:
Provider URL
The URL of your IdP's OIDC discovery endpoint, used by DigiCert to retrieve metadata for authentication. It often follows the format:
https://<your-idp-domain>/.well-known/openid-configuration
Client ID
ID from your IdP that DigiCert® account can use to identify itself in requests to your OIDC service.
Client secret
Password from your IdP that DigiCert® account can use to authenticate requests to your OIDC service.
ID token audience
Intended recipient of ID tokens your OIDC service generates. Must match the ID token audience configured in your IdP.
Tip
These values are usually found in your IdP dashboard, under Authentication or OIDC settings.
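Before entering these values, an administrator can sanity-check what the IdP actually publishes at its discovery endpoint and what it puts in ID tokens (including the preferred_username claim required in the prerequisites above). The script below is an added example for that purpose; it is not DigiCert's code and not part of this page. It builds the Provider URL in the format shown above, checks a discovery document for the issuer/endpoint consistency and the preferred_username claim, and checks an ID token payload for the issuer, audience, expiry and preferred_username claims. The discovery document and ID token are constructed sample data, and idp.example.com and the client ID are placeholders for your own IdP's values. Signature verification against the IdP's JWKS is the relying party's job and is deliberately not part of this check.

```python
"""Pre-flight checks for an OIDC identity provider before enabling SSO.

Added example (not DigiCert's code). The discovery document and ID token
payload are constructed sample data; idp.example.com and the client ID are
placeholders for your own IdP's values.
"""
import base64
import json
import time
from urllib.parse import urlparse

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"
REQUIRED_ENDPOINTS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(idp_domain):
    """Build the Provider URL in the format the page describes."""
    return "https://" + idp_domain + DISCOVERY_SUFFIX


def check_discovery(doc, provider_url):
    """Return problems found in a discovery document (empty list means OK).

    OIDC Discovery serves the document at <issuer>/.well-known/openid-configuration,
    so the issuer must equal the Provider URL minus that suffix. The core endpoints
    must be present and served over HTTPS, and the IdP should advertise the
    preferred_username claim that DigiCert expects in the ID token.
    """
    problems = []
    expected_issuer = provider_url.rsplit(DISCOVERY_SUFFIX, 1)[0].rstrip("/")
    issuer = str(doc.get("issuer", "")).rstrip("/")
    if issuer != expected_issuer:
        problems.append(f"issuer {issuer!r} does not match provider URL issuer {expected_issuer!r}")
    for key in REQUIRED_ENDPOINTS:
        value = doc.get(key)
        if not value:
            problems.append(f"missing {key}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{key} is not https: {value}")
    if "preferred_username" not in doc.get("claims_supported", []):
        problems.append("IdP does not advertise the preferred_username claim")
    return problems


def _b64url_encode(obj):
    """Compact JSON, base64url-encoded without padding (JWT segment encoding)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def build_sample_token(payload):
    """Assemble a JWT-shaped string for the demo. The signature segment is a
    placeholder, so this token only exercises the claim checks below."""
    header = {"alg": "RS256", "kid": "sample-key"}  # constructed sample header
    return ".".join([_b64url_encode(header), _b64url_encode(payload), "placeholder-signature"])


def decode_payload(id_token):
    """Decode the payload segment of a compact JWT. Signature verification is
    done by the relying party against jwks_uri and is not performed here."""
    segments = id_token.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWS: expected 3 segments")
    payload = segments[1] + "=" * (-len(segments[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_id_token_claims(payload, issuer, audience, now=None):
    """Return problems with the claims the SSO configuration relies on."""
    now = time.time() if now is None else now
    problems = []
    if payload.get("iss") != issuer:
        problems.append(f"iss {payload.get('iss')!r} != expected issuer {issuer!r}")
    aud = payload.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if audience not in aud_list:
        problems.append(f"aud {aud!r} does not contain the configured ID token audience {audience!r}")
    if not isinstance(payload.get("exp"), (int, float)) or payload["exp"] <= now:
        problems.append("token is expired or has no exp claim")
    if not payload.get("preferred_username"):
        problems.append("preferred_username claim missing; DigiCert needs it to map the user")
    return problems


IDP_DOMAIN = "idp.example.com"          # placeholder for your IdP's domain
AUDIENCE = "digicert-account-client"    # placeholder for the client ID / ID token audience
PROVIDER_URL = discovery_url(IDP_DOMAIN)

# Constructed sample discovery document, shaped like what an IdP publishes.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "jwks_uri": "https://idp.example.com/oauth2/keys",
    "claims_supported": ["sub", "email", "preferred_username"],
}

# Constructed sample ID token payload.
SAMPLE_PAYLOAD = {
    "iss": "https://idp.example.com",
    "aud": "digicert-account-client",
    "sub": "user-123",
    "preferred_username": "jdoe",
    "iat": 1700000000,
    "exp": 1700000600,
}

if __name__ == "__main__":
    print("Provider URL:", PROVIDER_URL)
    print("discovery problems:", check_discovery(SAMPLE_DISCOVERY, PROVIDER_URL))
    claims = decode_payload(build_sample_token(SAMPLE_PAYLOAD))
    print("ID token problems:",
          check_id_token_claims(claims, SAMPLE_DISCOVERY["issuer"], AUDIENCE, now=SAMPLE_PAYLOAD["iat"] + 1))
```

Running the script on real data means fetching the discovery document from the Provider URL and pasting a payload from a test sign-in in place of the sample values; an empty problem list for both checks is what you want to see before toggling SSO on.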
In the Connect DigiCert to your IdP section, enter the DigiCert endpoints into your IdP to configure redirect, login initiation, and logout processes:
Redirect URI
When users sign in to an OIDC-enabled account, your OIDC service generates an authentication response and token ID. The OIDC service sends this authentication information back to DigiCert® account using this URL.
Login URL
DigiCert-provided URL that users can access to sign in to DigiCert® account using OIDC-based SSO.
Logout URL
Your OIDC provider uses the logout endpoint to sign the user out of any applications they have logged into via the provider.
Once both steps are completed, in the Enable/Disable SSO with OIDC section, toggle the button to enable SSO with OIDC.
Select Save configuration.
Finish any remaining steps in your IDP to finalize the connection to DigiCert® account.
DigiCert® account sends existing users in your account an email titled Single sign-on access to DigiCert. The email lets them know you enabled SSO for their account. To access the SSO sign-in page, they need to select Sign in. They will use the SSO URL (the DigiCert-provided login initiation endpoint) to sign in to their account.
When 2FA is enabled, DigiCert will skip the OTP prompt if you have already provided an OTP to your IdP.