Configure OIDC SSO between DigiCert and Entra
Use this procedure to configure single sign-on (SSO) between your DigiCert® account and Entra using OpenID Connect (OIDC).
You need to finish setup in both DigiCert and Entra, and switch between the two tabs to exchange URLs and other information.
When finished, users in your account are able to sign in from the DigiCert sign-in page with their Entra credentials.
Note
For more information, refer to Entra Help Center.
Before you begin
You need elevated privileges in DigiCert account and Entra to configure SSO:
Account admin user group required in DigiCert account.
Application Administrator or equivalent role required in Entra.
Access DigiCert's OIDC configuration page:
In the DigiCert® account menu, select the Accounts icon > sign in methods.
Select Single sign-on with OIDC.
Keep this tab open.
In another tab, create an OIDC app for your DigiCert account:
Sign in to your Microsoft Entra admin center.
Go to Devices > App registrations.
Select New registration.
Enter DigiCert account in the Name field.
In the Supported account types, keep the default Accounts in this organizational directory only.
In the Redirect URI section select Web as the platform.
Leave the Redirect URI field blank for now.
Select Register.
Keep this tab open.
Provide the following Entra information to DigiCert:
Copy the Application (client) ID field and paste it in the following fields in DigiCert account:
Client ID
ID token audience
In the Client credentials field, select Add a certificate or secret.
On the Client secrets tab, select + New client secret.
In the Description field, enter a name.
In the Expires field, select a timeframe.
Select Add.
Copy the Value of the client secret you just created and paste it into the Client secret field in DigiCert account.
In the application menu, select Overview > Endpoints.
Copy the OpenID Connect metadata document URL and paste it into the Provider URL in DigiCert account.
Example:
https://login.microsoftonline.com/a0b1c3-.../v2.0/.well-known/openid-configuration
In the left pane, select Overview.
Keep this tab open.
Provide DigiCert information to Entra:
In the Redirect URIs field, select Add a Redirect URI.
In the Platform configurations section, select + Add a platform.
Select Web.
In the Configure Web page:
Paste the Redirect URI from DigiCert account into the Redirect URIs field.
Paste the Logout URL from DigiCert account into the Front-channel logout URL field.
Select Configure.
On the Platform configurations page, in the Web Redirect URIs section, select Add URI.
Paste the Login URL from DigiCert account.
Select Save.
In Entra's application menu, select Overview.
In the Application ID URI field, select Add an Application ID URI.
In the Application ID URI field, select Add.
Select Save.
In the Enable/Disable SSO with SAML section, switch to enable SSO.
Select Save configuration.
Ensure that all users in your DigiCert account are assigned to the SAML application in Microsoft Entra admin center:
Go to Manage > Enterprise applications.
Select the DigiCert account application you created.
From the application's overview, select Assign users and groups.
Select +Add user/group.
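The values exchanged above (Provider URL, Client ID, ID token audience, Redirect URI) have to agree with each other and with the metadata document before the sign-in test can succeed. The following check is an added example, not DigiCert's or Microsoft's code; the metadata document is a constructed stand-in for what the Provider URL returns (placeholder tenant ID), and the redirect URIs are made-up values.

```python
"""Consistency check for the DigiCert/Entra OIDC values (added example, not vendor code).

SAMPLE_METADATA is a constructed stand-in for the document the Provider URL
returns; in a real check you would GET the Provider URL and pass the parsed JSON.
"""
import json
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample of an Entra v2.0 discovery document; TENANT-ID-PLACEHOLDER
# stands in for the tenant GUID that appears in the real Provider URL.
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0",
  "authorization_endpoint": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/v2.0/authorize",
  "token_endpoint": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/v2.0/token",
  "jwks_uri": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/discovery/v2.0/keys",
  "id_token_signing_alg_values_supported": ["RS256"]
}""")


def check_oidc_setup(provider_url, metadata, client_id, id_token_audience,
                     digicert_redirect_uri, entra_redirect_uris):
    """Return a list of problems; an empty list means the exchanged values agree."""
    problems = []
    if not provider_url.endswith(WELL_KNOWN):
        problems.append("Provider URL is not the OpenID Connect metadata document URL")
    for key in REQUIRED_KEYS:
        if key not in metadata:
            problems.append(f"metadata document lacks {key}")
        elif urlparse(metadata[key]).scheme != "https":
            problems.append(f"{key} is not served over https")
    # OIDC Discovery requires the document to be fetched from the issuer it names,
    # so the Provider URL must start with the issuer value.
    issuer = metadata.get("issuer", "")
    if issuer and not provider_url.startswith(issuer.rstrip("/")):
        problems.append("Provider URL does not match the issuer in the metadata document")
    # The procedure pastes the Application (client) ID into both DigiCert fields,
    # so a mismatch means the ID token's aud claim will be rejected.
    if client_id != id_token_audience:
        problems.append("ID token audience must equal the Client ID")
    # The IdP compares redirect URIs as exact strings; the DigiCert value must be registered.
    if digicert_redirect_uri not in entra_redirect_uris:
        problems.append("DigiCert Redirect URI is not registered on the Entra app")
    return problems
```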
Attempt to sign in to DigiCert account, using your Entra credentials:
Sign in to DigiCert® account.
Provide your Entra username.
Select Sign in with your company's SSO.
Tip
When 2FA is enabled, DigiCert will skip the OTP prompt if you have already provided an OTP to your IdP.
Your SAML app is configured correctly if:
If you use 2FA to access your IdP, you are automatically signed in to DigiCert account.
If you don't use 2FA to access your IdP, you are redirected to DigiCert account and asked to complete two-factor authentication (2FA).
If you are not able to sign in with SSO, please compare your app settings to the instructions above or contact DigiCert support for assistance.