Instructions for how to configure SAML Single Sign-On for your CertCentral account
The SAML Single Sign-On (SSO) feature in CertCentral allows you to connect your identity provider (IdP) with CertCentral. Once the connection is configured, you can create SAML SSO users who can only log into their CertCentral account through a service provider initiated custom SSO URL or an IdP initiated SSO URL.
Integrated Identity Providers:
- Okta – http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-DigiCert.html
- OneLogin – https://admin.us.onelogin.com/apps/new/70450
- Duo – https://duo.com/docs/digicert
How to Configure SAML Single Sign-On for Your CertCentral Account
In your CertCentral account, in the sidebar menu, click Settings > Single Sign-On.
On the Single Sign-on (SSO) page, click Edit Federation Settings.
Set Up Your Identity Provider Metadata
Add IdP Metadata
Under How will you send data from your IDP?, do one of the following tasks:
- XML Metadata: Select this option and then manually provide DigiCert with your IdP metadata in XML format. If you use this option, you will need to manually update your IdP metadata if it changes.
- Use a dynamic URL: Select this option and then provide DigiCert with the link to your IdP metadata. If you use this option, your IdP metadata is updated automatically if it changes.
Under How will you identify a user?, do one of the following tasks:
- NameID: To use the NameID field to match your CertCentral users to your SAML Single Sign-on (SSO) users, select this option.
- Use a SAML attribute: To use an attribute to match your CertCentral users to your SAML Single Sign-on (SSO) users, select this option. Then, in the box, enter the attribute (e.g., email) that you want to use. This attribute (e.g., email) should appear in the assertion your IdP sends to DigiCert, as follows:
Add Federation Name
Under Federation Name, provide a federation name (friendly name) that will be included in the custom SSO URL that is created and sent to SSO only users.
Note: The federation name must be unique. We recommend using your company name.
When you are finished, click Save & Finish.
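As an added illustration of the "How will you identify a user?" step above (example code, not DigiCert's own), the Python below resolves the user identifier from a SAML assertion under both options, NameID and a named attribute such as email, and rejects an assertion that carries no value, or more than one value, for the chosen attribute. The assertion, its issuer URL and the e-mail address are constructed sample values.

```python
import xml.etree.ElementTree as ET
from typing import Optional

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real IdP's output): a NameID plus an
# "email" attribute and a multi-valued "role" attribute.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="role">
      <saml:AttributeValue>admin</saml:AttributeValue>
      <saml:AttributeValue>finance</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def user_identifier(assertion_xml: str, attribute: Optional[str] = None) -> str:
    """Return the value the service provider matches against its SSO users.

    attribute=None mirrors the "NameID" option; a name such as "email" mirrors
    "Use a SAML attribute". A ValueError is the case to diagnose when SSO users
    cannot log in: the IdP is not sending exactly one usable value.
    """
    root = ET.fromstring(assertion_xml)
    if attribute is None:
        node = root.find("saml:Subject/saml:NameID", NS)
        if node is None or not (node.text or "").strip():
            raise ValueError("assertion has no NameID; configure the IdP to send one")
        return node.text.strip()
    values = [
        (v.text or "").strip()
        for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)
        if a.get("Name") == attribute
        for v in a.findall("saml:AttributeValue", NS)
    ]
    values = [v for v in values if v]
    if len(values) != 1:
        raise ValueError(f"expected exactly one '{attribute}' value, got {len(values)}")
    return values[0]
```

A real service provider verifies the assertion's signature, audience and validity window before this lookup; the snippet shows only how the chosen identifier is read out.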
Add DigiCert's Service Provider (SP) Metadata to Your Identity Providers (IdPs)
On the Single Sign-on (SSO) page, in the DigiCert's SP Metadata section, do one of the following tasks:
- Dynamic URL for DigiCert's SP Metadata: Copy the dynamic URL provided by DigiCert to our SP metadata and add it to your IdP to help make the SSO connection. If you use this option, our SP metadata is updated automatically in your IdP if your IdP metadata is ever changed in your CertCentral account.
- Static XML: Copy the XML-formatted SP metadata provided by DigiCert and add it to your IdP to help make the SSO connection. If you use this option, DigiCert's SP metadata will need to be manually updated in your IdP as needed.
Log in and Finalize the SAML SSO to CertCentral Connection
On the Single Sign-on page, in the SP Initiated Custom SSO URL section, copy the URL and paste it into a browser. Then, use your IdP login credentials to log into your CertCentral account.
Note: If you prefer, you can use an IdP initiated login URL to log into your CertCentral account instead. However, you will need to provide your users with this IdP initiated URL or application.
Congratulations, you have successfully configured SAML SSO for your DigiCert CertCentral account.