Skip to main content

Configure single sign-on with SAML

We recommend keeping two browser tabs open: one for DigiCert® account and another for your identity provider (IdP). This setup allows you to easily reference both platforms and complete Security Assertion Markup Language (SAML) 2.0 configuration without interruptions.

Prerequisites

Before configuring SAML in DigiCert® account:

Have administrator access to your company's IdP service, such as Microsoft Entra, Okta, Google Workspace, or other user management service.
Make sure authentication from your IdP signs the response and the assertion.
Have your IdP metadata and SAML certificate.

Set up SSO with SAML

In DigiCert® account, select the Accounts icon > sign in methods.
Select Single-Sign-On with SAML.
In the Connect DigiCert to your IdP section, select Download DigiCert metadata.
Where do I upload DigiCert metadata in my IdP?
In the Connect your IdP to DigiCert section, select Upload IdP metadata.
Where do I download my IdP metadata?
When both steps are finished, in the Enable/Disable SSO with SAML section, switch to enable SSO with SAML.
Select Save configuration.

Troubleshooting

To configure SSO with SAML, you need to create a SAML application for DigiCert® account in your IdP. During the process of creating this application, you need to provide DigiCert's metadata. When the application is created, you can download your IdP metadata that you need to provide to DigiCert® account.

Tip

To perform this action, you must be an admin in your IdP.

How do I create a SAML app for DigiCert in my IdP?

Select your IdP:

Where do I upload DigiCert metadata in my IdP?

Select your IdP:

voorbeeld 4. Microsoft Entra ID

For complete setup instructions, see Create SAML application in Entra.

If your SAML app is already created:

Sign in to the Microsoft Entra admin center.
In the left pane, navigate to Microsoft Entra ID > Manage > Enterprise applications.
Select your SAML application for DigiCert account.
In the left pane, select Manage > Single sign-on.
Go to the SAML Certificates section.
Select Upload metadata file.

voorbeeld 5. Okta

Okta doesn’t support metadata uploads. Copy the SSO URL from your DigiCert account and enter it into Okta instead.

For complete setup instructions, see Create SAML application in Okta.

If your SAML app is already created:

Sign in to your Okta Admin dashboard.
Go to Applications > Applications.
Select your SAML application for DigiCert account.
On the Configure SAML tab, finish the following fields:
Enter the SSO URL from DigiCert account into the following fields:
1. Single sign-on URL
2. Audience URI (SP Entity ID)

voorbeeld 6. Google Workspace

Google Workspace doesn’t support metadata uploads. Copy the SSO URL from your DigiCert account and enter it into Google Workspace instead.

For complete setup instructions, see Create SAML application in Google Workspace.

If your SAML app is already created:

Sign in to the Google Admin console.
In the left pane, navigate to Apps > Web and mobile apps.
Select your SAML application for DigiCert account.
On the SAML app overview, select Edit details.
Enter the SSO URL in both of these fields:
1. ACS URL
2. Entity ID

Where do I download my IdP metadata?

Select your IdP:

voorbeeld 7. Microsoft Entra ID

For complete setup instructions, see Create SAML application in Entra.

If your SAML app is already created:

Sign in to the Microsoft Entra admin center.
In the left pane, navigate to Microsoft Entra ID > Manage > Enterprise applications.
Select your SAML application for DigiCert account.
In the left pane, select Manage > Single sign-on.
Go to the SAML Certificates section.
Select Download next to Federation Metadata XML

voorbeeld 8. Okta

For complete setup instructions, see Create SAML application in Okta.

If your SAML app is already created:

Sign in to your Okta Admin dashboard.
Go to Applications > Applications.
Select your SAML application for DigiCert account.
Select the Sign On tab > View SAML setup instructions
In the Optional section, copy the IdP metadata.
Enter the IdP metadata into a notepad and save the file in .xml format.

voorbeeld 9. Google Workspace

For complete setup instructions, see Create SAML application in Google Workspace.

If your SAML app is already created:

Sign in to the Google Admin console.
In the left pane, navigate to Apps > Web and mobile apps.
Select your SAML application for DigiCert account.
On the SAML app overview, select Download metadata.

How can I test that my SAML app works?

Select your IdP:

voorbeeld 10. Microsoft Entra ID

For complete setup instructions, see Create SAML application in Okta.

If your SAML app is already created:

Sign in to the Microsoft Entra admin center.
In the left pane, navigate to Microsoft Entra ID > Manage > Enterprise applications.
Select your SAML application for DigiCert account.
Select Manage > Single sign on.
Select Test this application.
Select Test sign in.
On the Success page, select Done.
On the Let's keep your account secure page, select Next.
On the second Success page, select Done.
On the second Let's keep your account secure page, select Next.
Tip
- Your SAML app is configured correctly if you’re redirected to your DigiCert account and asked to finish two-factor authentication (2FA).
- Not redirected to the 2FA page in your DigiCert account? Compare your SAML app settings to these instructions or contact DigiCert Support for assistance.

voorbeeld 11. Okta

For complete setup instructions, see Create SAML application in Okta.

If your SAML app is already created:

Sign in to your Okta Admin dashboard.
Select ∷ > My end user dashboard.
Select the DigiCert account app that you created.
Tip
- Your SAML app is configured correctly if you’re redirected to your DigiCert account and asked to finish two-factor authentication (2FA).
- Not redirected to the 2FA page in your DigiCert account? Compare your SAML app settings to these instructions or contact DigiCert Support for assistance.

voorbeeld 12. Google Workspace

For complete setup instructions, see Create SAML application in Google Workspace.

If your SAML app is already created:

Sign in to the Google Admin console.
In the left pane, navigate to Apps > Web and mobile apps.
Select your SAML application for DigiCert account.
On the DigiCert app overview, select TEST SAML LOGIN.
In the Can't test SAML login modal, select Allow access.
In the Service status field, select the radio button next to ON for everyone.
Select Save.
Return to the DigiCert app overview, select TEST SAML LOGIN.
Tip
- Your SAML app is configured correctly if you’re redirected to your DigiCert account and asked to finish two-factor authentication (2FA).
- Not redirected to the 2FA page in your DigiCert account? Compare your SAML app settings to these instructions or contact DigiCert Support for assistance.

Two-factor authentication and SSO with SAML

When 2FA is enabled, DigiCert prompts you to enter an OTP when signing in, even if you have already provided an OTP to your identity provider (IdP).

In deze sectie:

Was dit nuttig?