Difference when converting SAML SSO-only and SAML SSO account users

When converting SAML SSO-only and account users, it's important to understand the differences in the processes.

Convert SAML SSO account user to SAML SSO-only user

When you convert an account user to a SAML SSO-only user, the account user’s password is revoked. They can no longer sign in to their CertCentral account directly via the DigiCert URL. If you ever convert them back to an account user, they'll need to complete their account setup again.

They will receive an email that contains the custom SSO URL used to sign in to their CertCentral account. They can also access the custom SSO URL from the DigiCert Account Login page.

Convert SAML SSO-only user to SAML SSO account user

When you convert a SAML SSO-only user account to an account user, the user will receive an email with instructions for completing their account setup and signing in.

To convert a SAML SSO-only user to an account user, the administrator or manager can't be a SAML SSO-only type user.

IdP initiated login URL

If you opt to use an IdP initiated login URL, you'll need to provide it to all your users.

If you want your users to only use your IdP initiated URL to sign in to their account, you'll need to instruct them not to use the one provided in the email that is sent to them. You'll also need to tell them to ignore the If you use SSO, click here to login link on the DigiCert account sign in page.