Create certificate profiles for SAML IdP authentication
Available certificate templates
Use one of the following base templates to create certificate profiles in DigiCert® Trust Lifecycle Manager for SAML IdP authentication.
Create a certificate profile
To create a certificate profile for SAML IdP authentication in DigiCert® Trust Lifecycle Manager:
From the Trust Lifecycle Manager main menu, select Policies > Certificate profiles.
Select the Create profile from template action at the top of the page.
Select one of the templates from the above table as the basis for creating the certificate profile.. This example uses the
Generic User Certificate
template.On the Primary options page:
Create a name for the profile.
Select the appropriate business unit and the issuing CA.
Select an enrollment method. In this example, we use
DigiCert Trust Assistant
with the "Operating System KeyStore" option.Select
SAML IdP
as the authentication method.Select Next.
On the Certificate options page:
Set the validity period of the certificate, the required key type and size, the signing algorithm, the renewal window, and the required certificate fields, for example the common name and email address.
Select the appropriate source for the field (SAML Assertion, Entered by User).
When you select SAML Assertion as the source field, make sure to enter the SAML attribute name that your SAML IdP provider will use to populate the certificate field.
Select Next.
Configure the required certificate Extensions.
Key usages
Extended key usages
Select Next.
Configure Additional options.
The certificate's delivery format
Email configuration and notifications
LDAP search
Contact details. The details appear on the end-user enrollment pages. This info allows end users to contact the team that can support them with SAML enrollment issues.
Select Next.
Configure Advanced settings.
The Seat Id Mapping certificate field is used to uniquely identify user requests and binds them to your seat.
Use your SAML IdP configuration data here. In the Configure SAML IdP section, upload your SAML IdP Metadata file.
Otherwise, enter temp data to save the profile. For example:
Identity Provider URL: http://temp.com
Identity Provider Issuer: temp
Identity Provider Single Logout URL (optional): https://temp.logout.com
Identity Provider Certificate: temp
Select Create to save the profile configuration. You are then redirected to the Profile details page.
On the Profile details page, scroll down and select the Advanced settings section. In that section, select Download SP Metadata to download the DigiCert SAML metadata file.
注記
For Okta, the Single Sign On URL, Audience Restriction, and Default RelayState values are used.
The SAML Service Provider (SP) metadata file and certificate are not required, although other SAML IdP vendors do require the configuration data in such formats.
When you have a profile for SAML IdP authentication, Create your Okta SAML application.