
Configure SAML SSO between DigiCert and Microsoft Entra ID

Use this procedure to configure single sign-on (SSO) between your DigiCert® account and Microsoft Entra ID using Security Assertion Markup Language (SAML) 2.0.

To set up this sign-in method, you need to switch between two browser tabs, DigiCert and Microsoft Entra, to exchange metadata.

For more details about Microsoft Entra configuration, refer to Microsoft Learn.

Before you begin

To finish this setup, you need administrative access in both DigiCert and Microsoft Entra:

  • Account admin user group required in DigiCert account.

  • Application Administrator or equivalent role required in Entra.

Step 1. Access DigiCert's SAML configuration page and download the DigiCert metadata file that you need to provide to Entra in Step 2.

  1. In DigiCert® account, select Accounts > Identity and access.

  2. Select Single sign-on with SAML.

  3. In the Connect DigiCert to your IdP section, select Download DigiCert metadata.

  4. Leave this tab open.

Step 2. In another tab, create a SAML application for your DigiCert account:

  1. Sign in to the Microsoft Entra admin center.

  2. In the left pane, select Microsoft Entra ID.

  3. In the left pane of Microsoft Entra ID, select Manage > Enterprise applications.

  4. Select New application.

  5. In the Search application field, enter DigiCert.

  6. Select the application for DigiCert, Inc.

  7. In the Name field, change the name to DigiCert account.

  8. Select Create.

  9. In the left pane, select Manage > Single sign-on.

    1. To exchange metadata between Entra and DigiCert:

      1. Select Upload metadata file to upload DigiCert's metadata downloaded in Step 1.3.

      2. Go to the SAML Certificates section.

      3. Select Download next to Federation Metadata XML.

    2. Go to the Attributes & Claims section.

      1. Select Edit (✎).

      2. Select Add new claim.

        Attribute              | Claim value            | Notes
        -----------------------+------------------------+---------------------------------------------
        givenName              | user.givenName         | User first name
        surname                | user.surname           | User last name
        emailAddress           | user.mail              | User email address
        name                   | user.userPrincipalName | Entra username (used as the username to sign in to DigiCert® account)
        unique user identifier | user.userPrincipalName | Entra username, also referred to as UPN.

  10. Leave this tab open.

Step 3. Back in your DigiCert® account tab, upload the Entra metadata that you downloaded in Step 2 and enable SSO:

  1. In the Connect your IdP to DigiCert section, select Upload IdP metadata.

  2. In the Enable/Disable SSO with SAML section, switch to enable SSO.

  3. Select Save configuration.

Step 4. Ensure that all users in your DigiCert account are also assigned to the SAML application in the Microsoft Entra admin center:

  1. Go to Manage > Enterprise applications.

  2. Select the DigiCert account application you created.

  3. From the application's overview, select Assign users and groups.

  4. Select +Add user/group.

Step 5. Verify that you’re able to sign in using your SAML application from the Microsoft Entra admin center:

  1. Go to Manage > Enterprise applications.

  2. Select the DigiCert account application you created.

  3. Select Manage > Single sign-on.

  4. Select Test this application.

  5. Select Test sign in.

  6. On the Success page, select Done.

  7. On the Let's keep your account secure page, select Next.

  8. On the second Success page, select Done.

  9. On the second Let's keep your account secure page, select Next.

    Tip

    • Your SAML app is configured correctly if you’re redirected to your DigiCert account and asked to finish two-factor authentication (2FA).

    • Not redirected to the 2FA page in your DigiCert account? Compare your SAML app settings to these instructions or contact DigiCert Support for assistance.
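
If the test sign-in does not reach the 2FA page, one way to compare what Entra actually sends against the Attributes & Claims table is to capture the SAML response during the test, Base64-decode it, and run a check like the one below. This is an added example, not DigiCert or Microsoft code. The sample responses are constructed, matching attribute names by their last path segment and reading the unique user identifier from the NameID are assumptions, and the script checks claim contents only, not the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names from the Attributes & Claims table on this page.
REQUIRED = ("givenName", "surname", "emailAddress", "name")

def check_claims(xml_bytes: bytes) -> list:
    """Return the problems found in a decoded SAML response (empty list = OK)."""
    # Refuse DTDs so a pasted document cannot trigger entity expansion.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in SAML XML")
    root = ET.fromstring(xml_bytes)
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        # Assumption: the IdP may prefix names with a namespace URI,
        # so compare only the last path segment, case-insensitively.
        short = attr.get("Name", "").rsplit("/", 1)[-1].lower()
        claims[short] = attr.findtext("saml:AttributeValue", "", NS).strip()
    problems = [f"missing or empty claim: {n}" for n in REQUIRED
                if not claims.get(n.lower())]
    # Assumption: the "unique user identifier" row is sent as the Subject NameID.
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    if not name_id:
        problems.append("missing NameID (unique user identifier)")
    elif claims.get("name") and claims["name"] != name_id:
        # Both rows map to user.userPrincipalName, so the values should match.
        problems.append("name claim and NameID differ; both should carry the UPN")
    return problems

def sample(attrs: dict, name_id: str) -> bytes:
    """Build a constructed, unsigned SAML response for the demo."""
    rows = "".join(f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
                   '</saml:AttributeValue></saml:Attribute>' for k, v in attrs.items())
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
            ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
            f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
            f'<saml:AttributeStatement>{rows}</saml:AttributeStatement>'
            '</saml:Assertion></samlp:Response>').encode()

UPN = "ada@example.com"  # constructed sample user
GOOD = sample({"givenName": "Ada", "surname": "Lovelace", "name": UPN,
               "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": UPN}, UPN)
BAD = sample({"givenName": "Ada", "surname": "Lovelace", "name": "ada"}, UPN)

if __name__ == "__main__":
    print("GOOD:", check_claims(GOOD) or "all claims present")
    print("BAD: ", check_claims(BAD))
```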

DigiCert logos

Download one of the following logos to help you identify your DigiCert® account SAML app in your IdP:

DigiCert_White_on_Blue_Logo.png
DigiCert_Blue_on_White_Logo.png


Use of DigiCert's logo must at all times comply with DigiCert brand guidelines, including the DigiCert Trademark Usage Guidelines available at https://www.digicert.com/legal-repository/ (as updated from time to time).