Configure single sign-on with SAML
To streamline the process, we recommend keeping two browser tabs open: one for your DigiCert® account and another for your Identity Provider (IdP). This setup lets you reference both platforms easily and complete the configuration without interruptions.
Prerequisites
Before configuring SAML in your DigiCert® account, make sure that:
You have administrator access to your company's IdP service (such as Active Directory, Okta, Salesforce, or another user-management service).
You have access to, and are familiar with, your company's IdP service, such as PingOne or Okta.
You have your IdP metadata and SAML certificate.
To enable and configure SSO with SAML
Sign in to your DigiCert account.
In the DigiCert account menu, select the Account icon, then select Sign-in methods.
Select Single-Sign-On with SAML.
In the Connect your IdP to DigiCert section, upload your IdP metadata (including the SAML certificate) to allow DigiCert to communicate with your IdP for SAML authentication.
Select Download DigiCert metadata.
In the Connect DigiCert to your IdP section, upload the DigiCert metadata to your IdP to enable your IdP to communicate with DigiCert for SAML authentication.
Once both steps are completed, in the Enable/Disable SSO with SAML section, toggle the button to enable SSO with SAML.
Select Save configuration.
Troubleshooting
Okta
Sign in to your Okta Admin dashboard.
Go to Applications > Applications.
Select Create App integration:
Select SAML 2.0 as the Sign-on method.
Select Next.
Enter DigiCert® account as the App name.
Optional: Add a logo to the App logo field.
On the Configure SAML tab, complete the following fields:
Paste the SSO URL from your DigiCert account into the Single sign-on URL field.
Paste the value at the end of the SSO URL into the Audience URI (SP Entity ID) field.
On the Sign On tab, scroll down to the SAML Signing Certificates section.
Select the Actions button next to the active certificate.
Select View IDP Metadata from the drop-down menu.
A new browser tab will open with the metadata. Right-click anywhere on the page and select Save As or Save Page As.
Choose a location to save the file.
Upload the metadata file in DigiCert® account.
Note
For more information, refer to the Okta Help Center.
Microsoft Entra
Sign in to the Microsoft Entra admin center.
In the left-hand navigation menu, navigate to Identity > Applications > Enterprise applications.
Select New application.
From the application's overview, select Single sign-on > SAML from the left-hand menu.
Select the pencil icon next to the Basic SAML configuration section.
Select Upload metadata file and upload the metadata file you downloaded from your DigiCert® account.
Select Single sign-on from the left-hand menu.
Scroll down to the SAML Signing Certificate section.
Select Download next to Federation Metadata XML.
Upload the metadata file in DigiCert® account.
Note
For more information, refer to Microsoft Learn.
PingOne
Sign in to the PingOne admin console.
Navigate to Applications > Integration > SP Connections.
Select Create Connection.
On the Connection Template tab, select Do not use a template for this connection.
Select Next.
On the Connection Type tab, select the Browser SSO Profiles checkbox.
In the Protocol list, select SAML 2.0.
Select Next.
On the Connection Options tab, leave the Browser SSO checkbox selected.
Select Next.
On the Import Metadata tab, import the DigiCert metadata, or enter the SSO URL.
Select Next.
On the General Info tab, provide DigiCert® account in the Connection Name field.
Select Next.
On the Connection tab, select Download PingOne Metadata.
Upload the metadata file in DigiCert® account.
Note
For more information, refer to the Ping Identity documentation.
Two-Factor Authentication and SSO with SAML
If 2FA is enabled, DigiCert prompts you for an OTP again at sign-in, even if you have already entered an OTP for your IdP (identity provider).