DigiCert ONE Login - Supplying claims using Okta

You can configure Okta to add claims to the OIDC ID token. This is required for DigiCert ONE login through DigiCert® Trust Assistant using OIDC. For generic information about the configuration, such as configuring single sign-on, creating users, editing user information, and creating groups and adding users to them, refer to the official Okta documentation.

Add group in Okta

  1. In Okta, go to Directory > Groups, and select Add group.

  2. In the Name field, enter the name for the group and select Save.

  3. To assign the group to a user, select the created group under the Group name column.

  4. Select Assign people.

  5. Click the + sign next to the name to assign people to the group.

Add or edit custom user attributes

  1. Go to Directory > Profile Editor and select User (default).

  2. Select Add Attribute.

  3. In the Add Attribute page, enter the required information in the fields and select Save.

  4. To edit user attributes, go to Directory > People and select the target user.

  5. Select the Profile tab and select Edit.

  6. Edit the attribute and select Save.

Supply attribute in claim

  1. In Okta, go to Security > API and under the Authorization Servers tab, select the API used for DigiCert ONE login.

  2. In the Claims tab, select Add Claim.

  3. In the Add Claim window, add first name to the claim with the following information, and select Create:

    1. Name: first_name

    2. Include in token type: ID Token, Always

    3. Value type: Expression

    4. Value: user.firstName

  4. Add one more claim, last name:

    1. Name: last_name

    2. Include in token type: ID Token, Always

    3. Value type: Expression

    4. Value: user.lastName

  5. (Optional) To add additional user information to the certificate issued by the user, you must add those attributes to the ID Token. Add the claims in the same manner as above.

Supply group in claim

  1. In Okta, go to Security > API and under the Authorization Servers tab, select the API used for DigiCert ONE Login.

  2. In the Claims tab, select Add Claim.

  3. In the Add Claim window, enter or select the following information, and select Create:

    1. Name: groups

    2. Include in token type: ID Token, Always

    3. Value type: Groups

    4. Filter: Matches regex, .*

Check ID token

You can preview the ID Token in the Token Preview tab. Ensure that you select:

  • Grant type: Authorization Code

  • Scopes: openid
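
The same check can be scripted against an ID token captured from a test login. The following is an added example, not DigiCert or Okta code: it decodes the token payload and reports whether the first_name, last_name and groups claims configured above are present. It assumes the groups claim is emitted as a JSON array of group names; the sample token and its values are constructed.

```python
import base64
import json

# Claim names configured in the steps on this page.
REQUIRED_STRING_CLAIMS = ("first_name", "last_name")
GROUPS_CLAIM = "groups"


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(id_token: str) -> dict:
    """Return the claims of a compact JWT WITHOUT verifying its signature.

    Suitable only for checking claim configuration, never for authentication.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_claims(claims: dict) -> list:
    """Return a list of problems; an empty list means the claims look right."""
    problems = []
    for name in REQUIRED_STRING_CLAIMS:
        value = claims.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{name}: missing or empty")
    groups = claims.get(GROUPS_CLAIM)
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        problems.append(f"{GROUPS_CLAIM}: missing or not a list of strings")
    elif not groups:
        problems.append(f"{GROUPS_CLAIM}: empty, user is in no matching group")
    return problems


def make_sample_token(claims: dict) -> str:
    # Constructed sample: placeholder signature, for offline testing only.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    token = make_sample_token({"sub": "00u-example", "first_name": "Ada",
                               "last_name": "Lovelace", "groups": ["Everyone", "pki-users"]})
    print(check_claims(decode_payload(token)) or "all expected claims present")
```

check_claims also accepts the payload JSON shown in the Token Preview tab once it is loaded into a dict. Because the groups filter above is .*, the groups array lists every group the user belongs to.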

Additional references

The following are links to official guides on Okta with more details about the process explained above.

Note

DigiCert provides these third-party URLs for your convenience. While we aim to link to reputable sources, we are not responsible for the content or availability of these external sites.