Enroll for certificates using your SAML IdP for authentication

Test the enrollment and issuance of a user certificate using your SAML IdP to authenticate the user. You can initiate the request from either your IdP or your SP.

SAML IdP-initiated flow

To initiate an enrollment request with your IdP for a user certificate:

  1. As a user, log in to your Okta SSO portal.

  2. Select the configured DigiCert® Trust Lifecycle Manager application.

  3. You are redirected to the DigiCert® Trust Lifecycle Manager enrollment form.

    1. Use the URL provided to download DigiCert Trust Assistant client.

    2. Install the DigiCert Trust Assistant client.

    3. Enter the values for any profile fields that you configured from the Entered by User source.

    4. All other profile fields whose source is SAML Assertion are populated automatically from the attributes in the SAML assertion that Okta sent; you do not enter them.

    5. Select Create to create the enrollment.

  4. Select Install certificate. The DigiCert Trust Assistant client then obtains the certificate and installs it in the target KeyStore. This action:

    • Generates a key pair and CSR.

    • Submits a request to the Issuing CA configured on your profile.

    • Installs the certificate in the operating system's KeyStore (or in the Keychain on Mac computers).

  5. If successful, a "Certificate installed successfully" banner appears.

  6. Launch the DigiCert Trust Assistant on your computer to check your certificate.

  7. Select Tokens from the left menu and select your token type, for example Windows CryptoAPI.

  8. Use the common name (CN) or the From date filters on the page to search for your certificate.

  9. Select Details (in the three-dot menu) to view the certificate details.

SAML SP-initiated flow

To initiate an enrollment request with your SP for a user certificate:

  1. Visit the SAML SP Enrollment URL available from your DigiCert® Trust Lifecycle Manager profile.

  2. You are redirected to your SAML IdP to authenticate.

    After successful authentication, you are redirected back to the DigiCert® Trust Lifecycle Manager enrollment form.

  3. Follow the steps on the enrollment page to get your certificate.
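When step 2 of the SP-initiated flow fails, the first thing to check is what the SP Enrollment URL actually redirected you to: the Location header carries a deflated, base64-encoded SAML AuthnRequest (HTTP-Redirect binding) whose Destination, Issuer and AssertionConsumerServiceURL must match what you configured in Okta. The script below is an added example, not DigiCert or Okta code, and it does not call either service: it constructs a sample redirect URL the way an SP would (unsigned, with hypothetical IdP SSO, SP entity ID and ACS URLs as placeholders), then decodes such a URL and compares the fields against the expected values. Paste the real Location value from your browser's network tab into `check_redirect` to run the same comparison against your own configuration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoints used only for this example; substitute the values
# from your Okta application and Trust Lifecycle Manager profile.
IDP_SSO_URL = "https://example.okta.com/app/digicert_tlm/abc123/sso/saml"
SP_ENTITY_ID = "https://example.one.digicert.com/mpki/saml/metadata"
SP_ACS_URL = "https://example.one.digicert.com/mpki/saml/acs"

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_redirect_url(idp_sso_url, sp_entity_id, acs_url,
                       request_id="_example-request-1", relay_state="enroll"):
    """Construct a minimal, unsigned AuthnRequest and wrap it in an
    HTTP-Redirect binding URL, as an SP does when it sends the browser to
    the IdP. Constructed sample input for the decoder below."""
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        f'Destination="{idp_sso_url}" AssertionConsumerServiceURL="{acs_url}" '
        f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{sp_entity_id}</saml:Issuer>'
        f'</samlp:AuthnRequest>'
    )
    # Redirect binding: raw DEFLATE (no zlib header, wbits=-15), then base64,
    # then URL-encoding as a query parameter.
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = compressor.compress(xml.encode("utf-8")) + compressor.flush()
    saml_request = base64.b64encode(deflated).decode("ascii")
    query = urlencode({"SAMLRequest": saml_request, "RelayState": relay_state})
    return f"{idp_sso_url}?{query}"


def decode_redirect_url(location):
    """Parse a redirect Location URL and return the AuthnRequest fields a
    troubleshooter needs: where the browser is sent, and what the request
    claims about the SP."""
    parsed = urlparse(location)
    query = parse_qs(parsed.query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15).decode("utf-8")   # inverse of the raw DEFLATE above
    root = ET.fromstring(xml)
    issuer = root.find(f"{{{SAML}}}Issuer")
    return {
        "idp_endpoint": f"{parsed.scheme}://{parsed.netloc}{parsed.path}",
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "issuer": issuer.text if issuer is not None else None,
        "relay_state": query.get("RelayState", [None])[0],
    }


def check_redirect(location, expected_idp_sso_url, expected_sp_entity_id, expected_acs_url):
    """Return a list of mismatches; an empty list means the SP is sending the
    user to the configured IdP and asking it to post the response back to the
    configured ACS."""
    fields = decode_redirect_url(location)
    problems = []
    if fields["idp_endpoint"] != expected_idp_sso_url:
        problems.append(f"browser redirected to {fields['idp_endpoint']}, expected {expected_idp_sso_url}")
    if fields["destination"] != expected_idp_sso_url:
        problems.append(f"Destination is {fields['destination']}, expected {expected_idp_sso_url}")
    if fields["issuer"] != expected_sp_entity_id:
        problems.append(f"Issuer is {fields['issuer']}, expected {expected_sp_entity_id}")
    if fields["acs_url"] != expected_acs_url:
        problems.append(f"AssertionConsumerServiceURL is {fields['acs_url']}, expected {expected_acs_url}")
    return problems


if __name__ == "__main__":
    # Build a sample redirect and verify it against the same configuration.
    location = build_redirect_url(IDP_SSO_URL, SP_ENTITY_ID, SP_ACS_URL)
    for key, value in decode_redirect_url(location).items():
        print(f"{key}: {value}")
    print("problems:", check_redirect(location, IDP_SSO_URL, SP_ENTITY_ID, SP_ACS_URL))
```

A mismatch on Issuer or AssertionConsumerServiceURL points at the Okta application's SAML settings (Audience URI and Single sign-on URL); a mismatch on Destination or the redirect host points at the IdP SSO URL configured on the Trust Lifecycle Manager profile. The request Trust Lifecycle Manager actually sends may be signed and carry additional attributes; the decoder above ignores any it does not look for.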

If you run into any errors, see Troubleshoot SAML errors.