
Configure single sign-on using SAML

To streamline the process, we recommend keeping two browser tabs open: one for DigiCert ONE and another for your Identity Provider (IdP). This setup allows you to easily reference both platforms and complete the configuration without interruptions.

Prerequisites

Before configuring SAML in DigiCert ONE:

  • You have access to, and are familiar with, your organization's IdP service, such as PingOne or Okta.

  • Make sure your IdP signs the SAML assertion.

    Note

    Signing SAML response is optional.

Connect DigiCert to your IdP

Set up your DigiCert ONE account so that users sign in with their existing company credentials.

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu icon (top right), then select Account.

  3. In the left navigation menu, select Accounts.

  4. On the Accounts page, select the name of your account.

  5. On the Account details page, navigate to the Sign-in settings for all-account-access users section.

  6. Select the pencil icon next to Single sign-on with SAML.

  7. Copy the SSO URL.

    Tip

    This URL is required in steps 8, 9, and 10 of the Connect your IdP to DigiCert instructions.

  8. Open another browser tab and begin the Connect your IdP to DigiCert process below. Only proceed to the next step once you have completed step 16 of that process.

  9. Select Upload IdP metadata.

    Tip

    Select the metadata file that you created in step 16 of the Connect your IdP to DigiCert instructions.

  10. When you are ready, select Save.

  11. Create a user with the same username as the user in your IdP.

    Tip

    If the user already exists in DigiCert ONE, update their username to match their user details in your IdP.

Connect your IdP to DigiCert

Note

These instructions are based on Okta. If you are using a different IdP, look for similar fields or refer to your IdP's documentation for guidance.

Configure your IdP to recognize your DigiCert ONE account:

  1. Sign in to your IdP as an administrator.

  2. In the left-hand menu, select Applications.

  3. Click the Create App Integration button.

  4. Select SAML 2.0.

  5. Click Create.

  6. Name the Application.

    Tip

    Optional: Add a logo.

  7. Select Next.

  8. Paste the SSO URL into Okta under both Single sign-on URL and Audience URI (SP Entity ID).

    Tip

    See step 6 of the Connect DigiCert to your IdP instructions.

  9. Select Next.

  10. Select Finish.

  11. In the SAML Setup section, select View SAML Setup Instructions.

  12. Copy your IdP metadata.

  13. Paste it into a plain text editor (such as Notepad).

  14. Save as a .xml file.

  15. Switch back to the Account Manager tab.

    Tip

    Proceed with step 8 of the Connect DigiCert to your IdP instructions.

  16. Select Directory > People.

  17. Select Add person or identify the user in the list.

    Tip

    The DigiCert ONE username must match the IdP username.

  18. Select the user.

  19. Click on Assign Application on the user details page.

  20. Assign DigiCert ONE from the application list.

    Tip

    The user will receive an activation email (Subject line: Single sign-on access for DigiCert ONE). The user will need to follow the instructions in the email to be able to sign in to DigiCert ONE via Okta.

Add single sign-on users

New users

To add new users to DigiCert ONE accounts with SSO, the assigned username in DigiCert ONE must match that of the IdP username.

Note

  • When Standard Sign-on is disabled, only the SAML 2.0 username is active.

  • When Standard sign-on is enabled, the DigiCert ONE and IdP usernames must be kept identical.

  • DigiCert ONE currently does not support auto-creation/registration of users via the IdP.

Existing users

  • Usernames: For existing DigiCert ONE users, the username is tied to Standard sign-on (even if Standard sign-on is disabled) before SSO is enabled. In Edit user details, a new field, SAML 2.0 SSO Username, appears. By default it takes the DigiCert ONE username. Modify the username here to match the IdP username, if required.

  • Notification: Existing users receive an email on SSO activation telling them how to sign in.

For Azure AD from another source

Users need to modify their SAML configuration in Azure to ensure the assertion is signed. To do this:

  • Open the SAML configuration.

  • Click Edit beside SAML Signing Certificate.

  • Select Sign SAML assertion beside Signing Option, and click Save.

    Note

    Signing SAML response is optional.

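Two checks a practitioner can run while following this procedure, as an added example that is not DigiCert's, Okta's or Microsoft's code: the first sanity-checks the IdP metadata .xml file before it is uploaded to DigiCert ONE (a signing certificate and an SSO URL must be present), the second reports whether a SAML response captured from the IdP carries its signature on the Assertion (required by the prerequisites and the Azure AD note above) or only on the outer Response (optional). The entity ID, URLs, NameID and certificate values in the sample XML are constructed placeholders, and only Python's standard library is used.

```python
import xml.etree.ElementTree as ET  # use defusedxml for XML from untrusted sources

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def check_idp_metadata(xml_text):
    """Sanity-check the IdP metadata .xml before uploading it to DigiCert ONE."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return {"ok": False, "reason": "no IDPSSODescriptor element"}
    # A KeyDescriptor without a 'use' attribute may serve both signing and encryption.
    signing = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use", "signing") == "signing"]
    sso_urls = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
    return {"ok": bool(signing) and bool(sso_urls), "entity_id": root.get("entityID"),
            "signing_certs": len(signing), "sso_urls": sso_urls}

def signature_placement(response_xml):
    """Report where the XML signature sits: DigiCert ONE needs the Assertion signed;
    a signature on the outer Response is optional."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion is not None and assertion.find("ds:Signature", NS) is not None,
        "name_id": None if assertion is None else assertion.findtext("saml:Subject/saml:NameID", None, NS),
    }

# Constructed sample metadata (placeholder certificate, hypothetical Okta entity ID and URL).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.okta.com/exampleidp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://example.okta.com/app/exampleidp/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample response: only the Assertion is signed, which is what DigiCert ONE requires.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion><ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject></saml:Assertion>
</samlp:Response>"""
```

Run `check_idp_metadata` on the file saved in step 14 and `signature_placement` on a response captured from the browser's SAML tracer; a result with `assertion_signed` False means the IdP's signing option still needs to be changed.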

Two-Factor Authentication and SSO with SAML

You will be prompted to enter an OTP when signing in even if you have already provided an OTP to your identity provider (IdP).

What's next

After you add the DigiCert metadata to your IdP, sign in to establish the single sign-on connection to DigiCert ONE.

DigiCert ONE sends a Single sign-on access for DigiCert ONE email to the existing users on your account. The email tells them that you have enabled SSO for their account. To reach the SSO sign-in page, they must select Sign in to DigiCert ONE. Use the SSO URL to sign in to the account.
