Configure SAML SSO between DigiCert and Microsoft Entra ID
This guide walks you through setting up Single Sign-On (SSO) between your DigiCert® account and Microsoft Entra ID using SAML 2.0.
You will switch between DigiCert and Entra tabs to exchange metadata and URLs. Once setup is complete, users in your account can sign in to DigiCert using their Entra credentials, either from the Entra dashboard or the DigiCert sign-in page.
For more details about Entra configuration, refer to Microsoft Learn.
Before you begin
To complete this setup, you need administrative access in both DigiCert and Microsoft Entra:
Account admin user group required in DigiCert account.
Application Administrator or equivalent role required in Entra.
Tip
Keep both DigiCert and Entra open in separate tabs so you can easily copy metadata between them.
Step 1: Access DigiCert's SAML configuration page and download DigiCert’s metadata file:
Tip
You will upload this metadata to Microsoft Entra in Step 2.
In the DigiCert® account menu, select the Accounts icon > Sign-in methods.
Select Single sign-on with SAML.
In the Connect DigiCert to your IdP section, select Download DigiCert metadata.
Leave this window open.
Step 2: In another tab, create a SAML application for your DigiCert account in Entra:
Tip
In this step, you'll need to:
Sign in to the Microsoft Entra admin center.
In the left pane, select Microsoft Entra ID.
In the left pane of Microsoft Entra ID, select Manage > Enterprise applications.
Select New application.
In the Search application field, enter DigiCert.
Select the application for DigiCert, Inc.
In the Name field, change the name to DigiCert account.
Select Create.
To download Entra metadata:
In the left pane, select Manage > Single sign-on.
Go to the SAML Certificates section.
Select Download next to Federation Metadata XML.
To upload DigiCert's metadata, select Upload metadata file.
Leave this window open.
Step 3: Back in your DigiCert® account tab, upload the Entra metadata that you downloaded in Step 2 and enable SSO:
In the Connect your IdP to DigiCert section, select Upload IdP metadata.
In the Enable/Disable SSO with SAML section, toggle to enable SSO.
Select Save configuration.
Step 4: Ensure that all users in your DigiCert account are also assigned to the SAML application in Microsoft Entra admin center:
Go to Manage > Enterprise applications.
Select the DigiCert account application you just created.
From the application's overview, select Assign users and groups.
Select +Add user/group.
Step 5: Verify that you are able to sign in using your SAML application from Microsoft Entra admin center:
Go to Manage > Enterprise applications.
Select the DigiCert account application you just created.
Select Manage > Single sign-on.
Select Test this application.
Select Test sign in.
On the Success! page, select Done.
On the Let's keep your account secure page, select Next.
On the second Success! page, select Done.
On the second Let's keep your account secure page, select Next.
Tip
Your SAML app is configured correctly if you are redirected to DigiCert account and asked to complete two-factor authentication (2FA).
If you are not redirected to the 2FA page in DigiCert account, please compare your app settings to the instructions above or contact DigiCert support for assistance.
DigiCert logos
Use of DigiCert's logo must at all times comply with DigiCert brand guidelines, including the DigiCert Trademark Usage Guidelines available at https://www.digicert.com/legal-repository/ (as updated from time to time).


DigiCert logos for SSO configuration.