Skip to main content

DigiCert ONE Login - Supplying claims using Okta

You can configure Okta to add claims to OIDC ID token. This is required for DigiCert ONE Login through DigiCert​​®​​ Trust Assistant using OIDC. For generic information about the configuration, such as configuring single sign-on, creating user, editing user information, and creating and adding a user to groups, refer to official Okta documentation.

Supply attribute in claim

  1. In Okta, go to Security > API and under the Authorization Servers tab, select the API used for DigiCert One Login.

  2. In the Claims tab, select Add Claim.

  3. In the Add Claim window, add first name to the claim with the following information, and select Create:

    1. Name: first_name

    2. Include in token type: ID Token, Always

    3. Value type: Expression

    4. Value: user.firstName

  4. Add one more claim, last name:

    1. Name: last_name

    2. Include in token type: ID Token, Always

    3. Value type: Expression

    4. Value: user.lastName

  5. (Optional) To add additional user information into the certificate issued by the user, you must add those attributes into ID Token. Add the claims in the same manner as above.

Supply group in claim

  1. In Okta, go to Security > API and under the Authorization Servers tab, select the API used for DigiCert One Login.

  2. In the Claims tab, select Add Claim.

  3. In the Add Claim window, enter or select the following information, and select Create:

    1. Name: groups

    2. Include in token type: ID Token, Always

    3. Value type: Groups

    4. Filter: Matches regex, .*

Check ID token

You can preview the ID Token in the Token Preview tab. Ensure that you select:

  • Grant type: Authorization Code

  • Scopes: openid

Additional references

The following are links to official guides on Okta with more details about the process explained above.

Note

DigiCert provides these third-party URLs for your convenience. While we aim to link to reputable sources, we are not responsible for the content or availability of these external sites.