About DigiCert ONE login profile
Note
This feature is available for DigiCert Trust Assistant version 1.2.0 or later.
Certificate profiles configured with the Authentication method as DigiCert ONE Login allow users to register using information from your organization’s Identity Provider and issue and renew certificates using DigiCert Trust Assistant. The following describes the capabilities of DigiCert ONE Login configured profiles:
Create a user on DigiCert ONE from your organization’s Identity Providers via Single sign-on
Automatically issue and renew certificates through DigiCert Trust Assistant
Use attributes stored in the Identity Provider as certificate information
Restrict profile access based on user attributes such as "group" information stored in the Identity Provider
User creation flow diagram
The diagram below describes the user flow where DigiCert Trust Assistant, DigiCert ONE, and Identity Provider integrate to authenticate and create users for DigiCert Trust Assistant.
The user clicks the DigiCert ONE Login URL distributed by the administrator. Refer to Deliver DigiCert ONE login URL to users for more details.
The user is redirected to the Trust Lifecycle Manager login page.
The user can download the latest DigiCert Trust Assistant if it has not already been installed on the device.
The user clicks the Sign-up button to trigger an authentication request through DigiCert Trust Assistant and is then redirected to the Account Manager Sign-in page.
The user clicks Join account to proceed to the user creation page. The user enters their email address, which is required, and clicks Join account, after which the user is redirected to the Identity Provider’s sign-in page. For details, refer to User creation via SSO.
Upon successful sign-in to the configured Identity Provider, the user is redirected back to Account Manager, and a user account is created in the DigiCert ONE user database.
The user is redirected back to DigiCert Trust Assistant, and a Device Certificate is issued. The Device Certificate is used for client authentication, which automates authentication between DigiCert Trust Assistant and DigiCert ONE. Refer to About Device Certificate for more information.
DigiCert Trust Assistant will start requesting certificates from the Trust Lifecycle Manager at random intervals. Trust Lifecycle Manager will issue a certificate to DigiCert Trust Assistant upon properly identifying the user with the Device Certificate. Refer to Auto enroll and renew certificate for more details.