
DigiCert ONE login using DigiCert Trust Assistant

This page explains how to configure your DigiCert ONE environment to perform DigiCert ONE login through DigiCert® Trust Assistant.

Prerequisites

In DigiCert ONE, you must set up HTTPS and client authentication.

In the values.yaml file, make sure global.clientAuthHost is specified and global.protocol is set as https:

global:
  host: dcone.cluster.local
  clientAuthHost: clientauth.dcone.cluster.local
  protocol: https
  secretName: dcone-secrets
  tlsSecretName: dcone-tls

Configure DigiCert ONE login through DigiCert Trust Assistant

  1. Enable DigiCert® Trust Assistant: Go to Account Manager (AM) > Accounts and select the account. Scroll down to Features and enable DigiCert® Trust Assistant.

  2. Verify that the DigiCert® Trust Assistant OAuth v2 integration is created: In the same account, scroll down to OAuth Integrations and verify the OAuth v2 settings.

  3. Configure IdP: This step is required for end-user login.

  4. Configure domain: Under Sign-in settings > SSO settings for Document Signing Manager users (optional), edit the settings and add the email domain that is allowed for user registration.

  5. Trigger OAuth v2 sign-in through DigiCert ONE: You have two options to perform this task:

    1. Using the DigiCert® Trust Assistant GUI: Open the Dashboard, and on the top-right corner, select the menu icon (hamburger menu) and select Sign in.

      Enter the Sign in host URL and Account ID (GUID of your account) and select Submit.

      Example of Sign in host URL: https://dcone.cluster.local/mpki/dtw

    2. Using the sign-in link: Click a link that starts with the DigiCert Trust Assistant custom URI protocol dctrustassistant:/ to be redirected to the DigiCert Trust Assistant login sequence.

      Alternatively, copy and paste the URL into the browser address bar to trigger the OAuth sign-in through DigiCert ONE.

      Example URL: dctrustassistant:/signin?type=sso&hostUrl=https://dcone.cluster.local/mpki/dtw&systemType=DCONE&accountId=c8b29fdb-b397-4e53-92a4-c3a6f8d6be08

  6. From the Account Manager (AM), sign in to DigiCert ONE: When the login is triggered, you are redirected to the browser to log in to DigiCert ONE. Either an account admin or an end user can log in.

    Account admins proceed to the next step. End users skip step 7 and go to step 8.

  7. Sign in to DigiCert ONE as account admin: The account admin login differs based on the configuration specified for the system or account. See DigiCert ONE authentication sign-in methods for details.

    After logging in, the user is redirected to DigiCert® Trust Assistant.

  8. Sign in to DigiCert ONE as an end-user:

    1. In the Account Manager (AM) sign-in page, select the Create one link (at the bottom).

    2. Enter an email address in the domain specified in step 4. If it matches, the Link account button appears.

    3. Select the Link account button to be redirected to the IdP configured for the account.

    4. Enter your authentication information (this depends on your IdP’s configuration), and log in.

    5. You are redirected back to the Create User page. Enter all the information and select Create account.

    6. In the confirmation dialog that appears, select Open to be redirected to the DigiCert® Trust Assistant dashboard.
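The sign-in link in step 5 always has the same shape: the dctrustassistant:/signin scheme and path, followed by the type, hostUrl, systemType and accountId parameters. The following Python is an added example, not DigiCert code: it builds such a link from the global.host value in values.yaml and the Account ID, and validates a link before it is handed to users, checking that hostUrl uses https (as the prerequisites require) and points at your own DigiCert ONE host. The host and GUID are the page's sample values; the validation rules are this example's own assumptions, not a DigiCert API.

```python
"""Build and validate DigiCert Trust Assistant sign-in links (added example, not DigiCert code)."""
import re
from urllib.parse import parse_qs, urlencode, urlsplit

URI_SCHEME = "dctrustassistant"  # custom URI protocol used by the sign-in link
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
REQUIRED = ("type", "hostUrl", "systemType", "accountId")


def build_signin_link(host: str, account_id: str, path: str = "/mpki/dtw") -> str:
    """Assemble the link from global.host (values.yaml) and the account GUID."""
    if not GUID_RE.match(account_id):
        raise ValueError("accountId must be a GUID")
    params = {"type": "sso", "hostUrl": f"https://{host}{path}",
              "systemType": "DCONE", "accountId": account_id}
    # safe=":/" leaves hostUrl unencoded, matching the page's example link
    return f"{URI_SCHEME}:/signin?{urlencode(params, safe=':/')}"


def validate_signin_link(link: str, expected_host: str) -> dict:
    """Check a link against this deployment (assumed rules) and return its parameters."""
    parts = urlsplit(link)
    if parts.scheme != URI_SCHEME or parts.path != "/signin":
        raise ValueError("not a dctrustassistant:/signin link")
    query = parse_qs(parts.query, keep_blank_values=True)
    missing = [k for k in REQUIRED if k not in query]
    if missing:
        raise ValueError(f"missing parameters: {missing}")
    params = {k: v[0] for k, v in query.items()}
    if params["type"] != "sso" or params["systemType"] != "DCONE":
        raise ValueError("unexpected type or systemType")
    if not GUID_RE.match(params["accountId"]):
        raise ValueError("accountId is not a GUID")
    host_url = urlsplit(params["hostUrl"])
    # Prerequisite: DigiCert ONE runs HTTPS; the link must also point at our own host,
    # not at some other server the Trust Assistant would then be sent to log in against
    if host_url.scheme != "https":
        raise ValueError("hostUrl must use https")
    if host_url.hostname != expected_host.lower():
        raise ValueError(f"hostUrl host {host_url.hostname!r} is not {expected_host!r}")
    return params


if __name__ == "__main__":
    # Constructed input using the page's sample host and Account ID
    link = build_signin_link("dcone.cluster.local", "c8b29fdb-b397-4e53-92a4-c3a6f8d6be08")
    print(link)
    print(validate_signin_link(link, "dcone.cluster.local"))
```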

Note

It takes some time for DigiCert® Trust Assistant to process the result and issue the Device ID. The Device ID is saved in the Device Token (a hidden copy of the DigiCert Software Key Store that is used for provisioning only).

After a successful login, the top-right icon changes to the Avatar icon and shows the account and user name. It also shows the certificate profiles in the user’s account, if any.