Skip to main content

SAMLを使用したシングルサインオンを構成する

We recommend keeping two browser tabs open: one for DigiCert® account and another for your identity provider (IdP). This setup allows you to easily reference both platforms and complete Security Assertion Markup Language (SAML) 2.0 configuration without interruptions.

Prerequisites

Before configuring SAML in DigiCert® account:

会社の IdP サービス（Active Directory、Okta、Salesforce、その他のユーザー管理サービスなど）に対して、管理者アクセス権があること。
PingOne や Okta などの自社のIDPサービスにアクセスでき、使い慣れていること。
IDP メタデータと SAML 証明書を所有していること。

Set up SSO with SAML

DigiCert アカウントメニューで、［アカウント］アイコンから［Sign-in methods］を選択します。
Select Single-Sign-On with SAML.
In the Connect DigiCert to your IdP section, select Download DigiCert metadata.
Where do I upload DigiCert metadata in my IdP?
In the Connect your IdP to DigiCert section, select Upload IdP metadata.
Where do I download my IdP metadata?
When both steps are finished, in the Enable/Disable SSO with SAML section, switch to enable SSO with SAML.
Select Save configuration.

Troubleshooting

To configure SSO with SAML, you need to create a SAML application for DigiCert® account in your IdP. During the process of creating this application, you need to provide DigiCert's metadata. When the application is created, you can download your IdP metadata that you need to provide to DigiCert® account.

ヒント

To perform this action, you must be an admin in your IdP.

How do I create a SAML app for DigiCert in my IdP?

Select your IdP:

Where do I upload DigiCert metadata in my IdP?

Select your IdP:

例 4. Microsoft Entra ID

For complete setup instructions, see Create SAML application in Entra.

If your SAML app is already created:

Sign in to the Microsoft Entra admin center.
In the left pane, navigate to Microsoft Entra ID > Manage > Enterprise applications.
Select your SAML application for DigiCert account.
In the left pane, select Manage > Single sign-on.
Go to the SAML Certificates section.
Select Upload metadata file.

例 5. Okta

Okta doesn’t support metadata uploads. Copy the SSO URL from your DigiCert account and enter it into Okta instead.

For complete setup instructions, see Create SAML application in Okta.

If your SAML app is already created:

Sign in to your Okta Admin dashboard.
Go to Applications > Applications.
Select your SAML application for DigiCert account.
On the Configure SAML tab, finish the following fields:
Enter the SSO URL from DigiCert account into the following fields:
1. Single sign-on URL
2. Audience URI (SP Entity ID)

例 6. Google Workspace

Google Workspace doesn’t support metadata uploads. Copy the SSO URL from your DigiCert account and enter it into Google Workspace instead.

For complete setup instructions, see Create SAML application in Google Workspace.

If your SAML app is already created:

Sign in to the Google Admin console.
In the left pane, navigate to Apps > Web and mobile apps.
Select your SAML application for DigiCert account.
On the SAML app overview, select Edit details.
Enter the SSO URL in both of these fields:
1. ACS URL
2. Entity ID

Where do I download my IdP metadata?

Select your IdP:

例 7. Microsoft Entra ID

For complete setup instructions, see Create SAML application in Entra.

If your SAML app is already created:

Sign in to the Microsoft Entra admin center.
In the left pane, navigate to Microsoft Entra ID > Manage > Enterprise applications.
Select your SAML application for DigiCert account.
In the left pane, select Manage > Single sign-on.
Go to the SAML Certificates section.
Select Download next to Federation Metadata XML

例 8. Okta

For complete setup instructions, see Create SAML application in Okta.

If your SAML app is already created:

Sign in to your Okta Admin dashboard.
Go to Applications > Applications.
Select your SAML application for DigiCert account.
Select the Sign On tab > View SAML setup instructions
In the Optional section, copy the IdP metadata.
Enter the IdP metadata into a notepad and save the file in .xml format.

例 9. Google Workspace

For complete setup instructions, see Create SAML application in Google Workspace.

If your SAML app is already created:

Sign in to the Google Admin console.
In the left pane, navigate to Apps > Web and mobile apps.
Select your SAML application for DigiCert account.
On the SAML app overview, select Download metadata.

How can I test that my SAML app works?

Select your IdP:

例 10. Microsoft Entra ID

For complete setup instructions, see Create SAML application in Okta.

If your SAML app is already created:

Sign in to the Microsoft Entra admin center.
In the left pane, navigate to Microsoft Entra ID > Manage > Enterprise applications.
Select your SAML application for DigiCert account.
Select Manage > Single sign on.
Select Test this application.
Select Test sign in.
On the Success page, select Done.
On the Let's keep your account secure page, select Next.
On the second Success page, select Done.
On the second Let's keep your account secure page, select Next.
ヒント
- Your SAML app is configured correctly if you’re redirected to your DigiCert account and asked to finish two-factor authentication (2FA).
- Not redirected to the 2FA page in your DigiCert account? Compare your SAML app settings to these instructions or contact DigiCert Support for assistance.

例 11. Okta

For complete setup instructions, see Create SAML application in Okta.

If your SAML app is already created:

Sign in to your Okta Admin dashboard.
Select ∷ > My end user dashboard.
Select the DigiCert account app that you created.
ヒント
- Your SAML app is configured correctly if you’re redirected to your DigiCert account and asked to finish two-factor authentication (2FA).
- Not redirected to the 2FA page in your DigiCert account? Compare your SAML app settings to these instructions or contact DigiCert Support for assistance.

例 12. Google Workspace

For complete setup instructions, see Create SAML application in Google Workspace.

If your SAML app is already created:

Sign in to the Google Admin console.
In the left pane, navigate to Apps > Web and mobile apps.
Select your SAML application for DigiCert account.
On the DigiCert app overview, select TEST SAML LOGIN.
In the Can't test SAML login modal, select Allow access.
In the Service status field, select the radio button next to ON for everyone.
Select Save.
Return to the DigiCert app overview, select TEST SAML LOGIN.
ヒント
- Your SAML app is configured correctly if you’re redirected to your DigiCert account and asked to finish two-factor authentication (2FA).
- Not redirected to the 2FA page in your DigiCert account? Compare your SAML app settings to these instructions or contact DigiCert Support for assistance.

Two-factor authentication and SSO with SAML

2FA が有効になっている場合、たとえ IdP （ID プロバイダ）に対してすでに OTP を入力していても、デジサートはサインイン時に OTP の入力を再度求めます。

このセクションの内容:

これは役に立ちましたか？