Prerequisites for DigiCert ONE Login
You must have a thorough understanding of federated protocols for authorization and authentication, specifically SAML or OpenID Connect.
Make sure you have the privileges to configure your Identity Provider (IdP) to integrate with DigiCert ONE.
DigiCert ONE account prerequisites
To start using profiles with DigiCert ONE Login, you will need to configure the following for your organization’s account.
Configure the sign-in setting for your account using Single sign-on with SAML or Single sign-on with OIDC. For specific settings required for the user creation flow for DigiCert ONE Login, refer to the Identity provider configuration prerequisites below.
If DigiCert Trust Assistant is not yet enabled for your account, contact your DigiCert representative to enable it. Also ask your DigiCert representative to add your email domain(s) to Allow user creation via SSO in your account.
Note
The email domain(s) must be owned by your organization. They can be added only after the sign-in setting has been configured with either Single sign-on with SAML or Single sign-on with OIDC, so configure that setting first.
Identity provider configuration prerequisites
For DigiCert ONE user creation, your IdP must pass the required user attributes in the ID Token (OIDC) or the SAML Response (SAML). The following user attributes are required; attribute names are matched case-insensitively.
Email: "email" (for SAML, this value is taken from Subject.NameID rather than from an attribute)
First name: any one of "given_name", "first_name", "firstname", or "givenname"
Last name: any one of "last_name", "lastname", "familyname", "family_name", or "surname"
Note
Some providers include these attributes by default, but verify that they are actually present in the ID Token or SAML Response issued during authentication; if one is missing, user creation will not have the data it needs.
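A pre-flight check you can run against what your IdP actually issues, as an added example that is not DigiCert's or any IdP vendor's code: it applies the alias lists and case-insensitive matching described above to OIDC ID Token claims (assumed already signature-verified by your OIDC library) and to a SAML assertion, where the email comes from Subject/NameID. The assertion below is a constructed sample.

```python
# Added example (not DigiCert's code): check that OIDC ID Token claims, or a
# SAML assertion, carry the user attributes DigiCert ONE Login needs for user
# creation, using the alias lists and case-insensitive matching described
# above. SAMPLE_ASSERTION is a constructed, unsigned sample for illustration.
import xml.etree.ElementTree as ET

EMAIL_KEYS = ("email",)
FIRST_NAME_KEYS = ("given_name", "first_name", "firstname", "givenname")
LAST_NAME_KEYS = ("last_name", "lastname", "familyname", "family_name", "surname")
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _pick(attrs, candidates):
    """Return the first non-empty value whose key matches a candidate, ignoring case."""
    lowered = {k.lower(): v for k, v in attrs.items() if k}
    for key in candidates:
        if lowered.get(key):
            return lowered[key]
    return None

def required_attributes(attrs, email=None):
    """Map raw attributes (e.g. ID Token claims that your OIDC library has already
    signature-verified) to the three required fields; raise if any is missing."""
    found = {
        "email": email or _pick(attrs, EMAIL_KEYS),
        "first_name": _pick(attrs, FIRST_NAME_KEYS),
        "last_name": _pick(attrs, LAST_NAME_KEYS),
    }
    missing = [k for k, v in found.items() if not v]
    if missing:
        raise ValueError("missing required user attributes: " + ", ".join(missing))
    return found

def from_saml_assertion(xml_text):
    """For SAML the email comes from Subject/NameID, not from an Attribute."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext(".//saml:Subject/saml:NameID", namespaces=SAML_NS)
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=SAML_NS)
             for a in root.findall(".//saml:Attribute", namespaces=SAML_NS)}
    return required_attributes(attrs, email=name_id)

# Constructed sample (no Signature element; only the attribute layout matters here).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>ada@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="GivenName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="surname"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
```

Run `from_saml_assertion(SAMPLE_ASSERTION)` or `required_attributes(<decoded claims>)` against a real assertion or token captured from a test login; a ValueError names exactly which required field the IdP failed to send.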
Refer to the next section, IdP attribute mapping, for more details on this subject.