Allow user creation via SSO
The single sign-on (SSO) user creation feature in DigiCert ONE simplifies the process of adding users to your account. Instead of manually entering user details and selecting user roles, you can enable users from specific email domains to join your account using their SSO credentials. A default user role will be assigned to the user, which can be updated by the DigiCert ONE system administrator if required. This ensures a secure and efficient onboarding process.
Note
This workflow is currently only supported in Document Trust Manager and Trust Lifecycle Manager.
Prerequisites
User creation via SSO can only be configured if all of these prerequisites are met:
Enable an SSO sign-in method (SAML or OIDC).
Account must be licensed to use either Document Trust Manager or Trust Lifecycle Manager.
Specify allowed email domains
Enter one or more email domains to allow for user creation via SSO. Users with email addresses from these domains can join this account after successful SSO authentication.
Note
Adding and removing allowed email domains can only be performed by a system administrator with the Manage account permission.
For accounts hosted by DigiCert, contact your account manager to enable this feature.
For self-hosted accounts, contact the system administrator within your organization to enable this feature by following the steps below.
To specify allowed email domains for user creation via SSO:
Sign in to DigiCert ONE.
Navigate to the Manager menu icon (top-right) and select Account.
In the left navigation menu, select Accounts.
On the Accounts page, select the Name of the account.
On the Account details page, in the Allow user creation via SSO section, enter one or more domains.
Note
This field will only display if all the prerequisites mentioned above have been met.