Make sure you meet the prerequisites:
See SAML single sign-on prerequisites and SAML service workflow.
Go to the Federation Settings page
Set up your identity provider metadata
On the Federation Settings page, in the Your IDP's Metadata section, complete the tasks below.
<AttributeStatement>
  <Attribute Name="email">
    <AttributeValue>user@example.com</AttributeValue>
  </Attribute>
</AttributeStatement>
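To confirm that your IdP actually emits the attribute shown above before you finalize the connection, the following added example (not DigiCert code) inspects a base64-encoded SAMLResponse captured from a test login. It assumes the attribute name must match "email" exactly and case-sensitively; the function names and the sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def check_email_attribute(saml_response_b64, expected_name="email"):
    """Return a list of problems; an empty list means the attribute looks right."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = [e for e in root.iter() if local(e.tag) == "Attribute"]
    if not attrs:
        return ["no <Attribute> elements: IdP sends no attribute statement"]
    match = [a for a in attrs if a.get("Name") == expected_name]
    if not match:
        seen = sorted(a.get("Name", "") for a in attrs)
        return [f"no attribute named {expected_name!r}; IdP sent {seen}"]
    problems = []
    # IdPs often pad the value with whitespace or newlines, so trim before checking.
    values = [(v.text or "").strip() for a in match for v in a
              if local(v.tag) == "AttributeValue"]
    if len(values) != 1:
        problems.append(f"expected one value, found {len(values)}")
    for v in values:
        local_part, at, domain = v.partition("@")
        if not (local_part and at and "." in domain):
            problems.append(f"value {v!r} is not an email address")
    return problems

def sample_response(attr_name, value):
    """Build a constructed, unsigned SAMLResponse for demonstration only."""
    xml = (f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="{SAML_NS}"><saml:Assertion><saml:AttributeStatement>'
           f'<saml:Attribute Name="{attr_name}"><saml:AttributeValue>\n  {value}\n'
           f'</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Constructed cases: correct name, a URI-style claim name, and a username value.
    uri = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    for name, value in (("email", "user@example.com"), (uri, "user@example.com"),
                        ("email", "jdoe")):
        print(name, "->", check_email_attribute(sample_response(name, value)) or "OK")
```

The check looks only at attribute content. It does not validate the assertion's signature, so use it on responses from your own test logins rather than as an authentication step.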
Add the DigiCert service provider (SP) metadata
On the Single Sign-on (SSO) page, in the DigiCert’s SP Metadata section, complete one of these tasks to add the DigiCert SP metadata to your IdP's metadata:
Configure SSO Settings for users
When adding users to your account, you can restrict users to Single Sign-on authentication only (SSO-only users). These users don't have API access (e.g., can't create working API keys).
To allow SSO-only users to create API keys and build API integrations, check Enable API access for SSO-only users.
The Enable API access for SSO-only users option allows SSO-only users with API keys to bypass Single Sign-on. Disabling API access for SSO-only users doesn't revoke existing API keys. It only blocks the creation of new API keys.
Sign in and finalize the SAML SSO to CertCentral connection
On the Single Sign-on page, in the SP Initiated Custom SSO URL section, copy the URL and paste it into a browser. Then, use your IdP credentials to sign in to your CertCentral account.
If you prefer, use an IdP initiated login URL to sign in to your CertCentral account instead. However, you'll need to provide your SSO users with this IdP initiated URL or application.
Start managing your Single Sign-on users in your account (add SAML SSO-only users to your account, convert existing account users to SAML SSO-only users, etc.). See Managing SAML Single Sign-on (SSO) users and Allow access to SAML Settings permission.