
Create a DigiCert ONE Login profile

Refer to Create a certificate profile with DigiCert Trust Assistant for the general steps to create a certificate profile for DigiCert Trust Assistant. This page explains the options specific to profiles that use DigiCert ONE Login as the Authentication method.

The following options are available under the authentication method selection.

  • Auto-enroll/renew certificates: Controls whether certificates are issued and renewed automatically through DigiCert Trust Assistant. The differences are as follows.

    • When enabled

      • Issues and renews certificates through DigiCert Trust Assistant.

      • Can manually enroll or renew from DigiCert Trust Assistant application window.

      • The source for each certificate field's value is restricted to User info and Fixed value, so that the automated flow does not require user input.

      • Users are still prompted for a PIN or password if the token requires it.

    • When disabled

      • Does not automatically issue and renew certificates through DigiCert Trust Assistant.

      • Can manually enroll or renew from DigiCert Trust Assistant application window.

      • The source for each certificate field's value may additionally be Entered by User.

  • Restrict user access based on Identity Provider (IdP) metadata: Select this option to configure authorized user groups. Only users whose IdP attributes match the configured values can access this profile.

    For example, specifying group as the Key and Sales as the Value allows only users with the attribute group=Sales to issue certificates from this profile. Select OR to add another Key/Value pair and widen the set of allowed user groups: adding group as the Key and Marketing as the Value allows users with either group=Sales or group=Marketing to access this profile. Refer to IdP attribute mapping for how user attributes from the IdP are relayed to DigiCert ONE.

Using User info as field source

For profiles configured with DigiCert ONE Login, you can use user information relayed from your organization's Identity Provider to populate fields of the issued certificate.

  1. In the Subject DN and SAN fields section, you can add Subject DN and Subject Alternative Name (SAN) fields. Selecting User info as the source lets you choose the specific user info attribute to use for that field.

    For example, if you add Email as a Subject DN field and select Email as the User info attribute, the issued certificate will contain the user's email address as held by your organization's Identity Provider.

    You can select the following as User info attribute:

    • Name

    • Email

    • Surname

    • Given name

    • Phone

    • Custom

  2. Select Custom to configure any other user attribute not in the predefined list. Refer to IdP attribute mapping for how user attributes from the IdP are relayed to DigiCert ONE.
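The two rules described above, the OR'd Key/Value access restriction and the User info / Fixed value / Entered by User field sources (including the auto-enroll restriction on sources), modelled as an added example. This is illustrative code, not DigiCert's implementation; the attribute names ("name", "email", "group") and the data shapes are assumptions.

```python
# Illustrative model of the profile rules on this page (added example, not
# DigiCert's code); IdP attribute names and data shapes are assumptions.
from dataclasses import dataclass

@dataclass
class DnField:
    name: str    # Subject DN / SAN attribute, e.g. "CN"
    source: str  # "User info", "Fixed value" or "Entered by User"
    value: str   # User info: IdP attribute name; Fixed value: the literal

@dataclass
class Profile:
    auto_enroll: bool
    allowed: list   # (Key, Value) pairs; any match grants access (OR)
    fields: list

def user_allowed(profile, attrs):
    """No pairs configured means no restriction; otherwise any pair may match."""
    if not profile.allowed:
        return True
    return any(attrs.get(key) == value for key, value in profile.allowed)

def disallowed_sources(profile):
    """Auto-enroll limits sources to User info and Fixed value (no prompt needed)."""
    permitted = {"User info", "Fixed value"}
    if not profile.auto_enroll:
        permitted.add("Entered by User")
    return [f.name for f in profile.fields if f.source not in permitted]

def build_subject_dn(profile, attrs, entered=None):
    """Resolve each field from IdP attributes, fixed literals or entered values."""
    entered = entered or {}
    parts = []
    for f in profile.fields:
        if f.source == "User info":
            if f.value not in attrs:
                raise ValueError(f"IdP did not relay {f.value!r} for {f.name}")
            parts.append(f"{f.name}={attrs[f.value]}")
        elif f.source == "Fixed value":
            parts.append(f"{f.name}={f.value}")
        else:
            parts.append(f"{f.name}={entered[f.name]}")
    return ",".join(parts)

# Constructed sample: the Sales-or-Marketing restriction from this page.
SALES_PROFILE = Profile(
    auto_enroll=True,
    allowed=[("group", "Sales"), ("group", "Marketing")],
    fields=[DnField("CN", "User info", "name"), DnField("E", "User info", "email"),
            DnField("O", "Fixed value", "Example Corp")])
```

A missing User info attribute raises rather than issuing a certificate with an empty field, which is the failure a defender wants surfaced when the IdP mapping is incomplete.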

Allowing duplicate certificates across multiple machines

Select Allow duplicate certificates under the Flow section to let users issue certificates to multiple machines from one profile while consuming only one seat. Select this option if you need to issue certificates with the same Subject DN across different machines. When this option is disabled, the certificate can be issued to only one machine per profile.