Configure SAML SSO between DigiCert and Google Workspace
This guide walks you through setting up Single Sign-On (SSO) between your DigiCert® account and Google Workspace using SAML 2.0.
You will switch between DigiCert and Google Workspace tabs to exchange metadata and URLs. Once setup is complete, users in your account can sign in to DigiCert using their Google Workspace credentials, either from the Google Workspace dashboard or the DigiCert sign-in page.
For more details about Google Workspace configuration, refer to Google Workspace.
Before you begin
To complete this setup, you need administrative access in both DigiCert and Google Workspace:
Account admin user group required in DigiCert account.
Application Administrator or equivalent role required in Google Workspace.
Step 1: Access DigiCert SSO settings
Access DigiCert's SAML configuration page:
In the DigiCert® account menu, select the Accounts icon > Sign-in methods.
Select Single sign-on with SAML.
Leave this window open.
Step 2: Create SAML application in Google Workspace
In another tab, create a SAML application for your DigiCert account in Google Workspace:
Sign in to the Google Admin console.
In the left-hand navigation menu, navigate to Apps > Web and mobile apps.
In the App name field, enter DigiCert account.
In the Description field, enter a custom description.
Example: DigiCert's single login experience
In the App icon field, upload the DigiCert icon.
Select Continue.
In the Download IdP metadata section, select Download metadata.
Select Continue.
Leave this window open.
Step 3: Upload Google Workspace metadata to DigiCert
Back in your DigiCert® account tab:
In the Connect your IdP to DigiCert section, select Upload IdP metadata.
In the Connect DigiCert to your IdP section, copy the SSO URL.
In the Enable/Disable SSO with SAML section, toggle to enable SSO.
Select Save configuration.
Step 4: Back in Google Workspace
Paste the SSO URL in both of these fields:
ACS URL
Entity ID
In the Name ID format field, select Email.
In the Name ID field, keep the default Basic information > Primary email.
Select Continue.
In the Attributes section, select Add mapping.
Below the Google Directory attributes field, select Primary email.
Below the App attributes field, type email.
Select Finish.
Go to Apps > Web and mobile apps.
Select the DigiCert app you just created.
In the User access section, select View details.
In the Organizational units section, select the group you want to assign.
In the Service status field, select the radio button next to On.
Select Save.
Tip
Need help? Create a Organizational Unit in Google Workspace.
Go to Apps > Web and mobile apps.
Select the DigiCert app you just created.
On the DigiCert app overview, select TEST SAML LOGIN.
In the Can't test SAML login modal, select Allow access.
In the Service status field, select the radio button next to ON for everyone.
Select Save.
Return to the DigiCert app overview, select TEST SAML LOGIN.
Tip
Your SAML app is configured correctly if you are redirected to DigiCert account and asked to complete two-factor authentication (2FA).
If you are not redirected to the 2FA page in DigiCert account, please compare your app settings to the instructions above or contact DigiCert support for assistance.
DigiCert logos
Use of DigiCert's logo must at all times comply with DigiCert brand guidelines, including the DigiCert Trademark Usage Guidelines available at https://www.digicert.com/legal-repository/ (as updated from time to time).
DigiCert logo's for SSO configuration.