Instructions for how to configure SAML Single Sign-On for your CertCentral account

The SAML Single Sign-On (SSO) feature in CertCentral lets you connect your identity provider (IdP) to CertCentral. Once the connection is configured, you can create SAML SSO users who can log into their CertCentral account only through a service provider (SP)-initiated custom SSO URL or an IdP-initiated SSO URL.

How to Configure SAML Single Sign-On for Your CertCentral Account

  1. In your CertCentral account, in the sidebar menu, click Settings > Single Sign-On.


  2. On the Single Sign-on (SSO) page, click Edit Federation Settings.


  3. Set Up Your Identity Provider Metadata

    1. Add IdP Metadata

      Under How will you send data from your IDP?, do one of the following tasks:

      XML Metadata: Select this option and then manually provide DigiCert with your IdP metadata in XML format.
      If you use this option, you will need to update your IdP metadata in CertCentral manually whenever it changes (for example, when your IdP rotates its signing certificate).


      Use a dynamic URL: Select this option and then provide DigiCert with the link to your IdP metadata.
      If you use this option, your IdP metadata is updated automatically when it changes. The metadata served at that URL is what CertCentral will rely on for your IdP's signing keys, so use an HTTPS URL on a host your IdP controls.


    2. Identify Users

      Under How will you identify a user?, do one of the following tasks:

      NameID: Select this option to use the NameID field to match your CertCentral users to your SAML Single Sign-On (SSO) users.

      Use a SAML attribute: Select this option to use an attribute to match your CertCentral users to your SAML Single Sign-On (SSO) users.
      Then, in the box, enter the name of the attribute (e.g., email) that you want to use. Whichever option you choose, the value must be unique per user and set by your IdP rather than editable by the user, because it is what ties an IdP login to a CertCentral account.
      This attribute (e.g., email) should appear in the assertion your IdP sends to DigiCert, as follows:

      <AttributeStatement>
        <Attribute Name="email">
          <AttributeValue>user@example.com</AttributeValue>
        </Attribute>
      </AttributeStatement>


    3. Add Federation Name

      Under Federation Name, provide a federation name (friendly name) that will be included in the custom SSO URL that is created and sent to SSO-only users.

      Note: The federation name must be unique. We recommend using your company name.


    4. When you are finished, click Save & Finish.

  4. Add DigiCert's Service Provider (SP) Metadata to Your Identity Provider (IdP)

    On the Single Sign-on (SSO) page, in the DigiCert's SP Metadata section, do one of the following tasks:

    Dynamic URL for DigiCert's SP Metadata: Copy the dynamic URL that DigiCert provides for our SP metadata and add it to your IdP to make the SSO connection.
    If you use this option, our SP metadata is updated automatically in your IdP if your IdP metadata is ever changed in your CertCentral account.

    Static XML: Copy the XML-formatted SP metadata that DigiCert provides and add it to your IdP to make the SSO connection.
    If you use this option, DigiCert's SP metadata will need to be updated manually in your IdP as needed.


  5. Log in and Finalize the SAML SSO to CertCentral Connection

    On the Single Sign-on page, in the SP Initiated Custom SSO URL section, copy the URL and paste it into a browser. Then, use your IdP login credentials to log into your CertCentral account.

    Note: If you prefer, you can use an IdP-initiated login URL to log into your CertCentral account instead. However, you will need to provide your users with this IdP-initiated URL or application.


  6. Congratulations, you have successfully configured SAML SSO for your DigiCert CertCentral account.

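The script below is an added example and is not DigiCert's code or any part of CertCentral. It is the pre-flight check a practitioner would run before and after the procedure above: check_idp_metadata() confirms that the IdP metadata you are about to paste in (or publish at the dynamic URL) in step 3 actually carries an entityID, a signing certificate and an HTTPS single sign-on endpoint, and resolve_identifier() shows which value CertCentral would be matching on under the NameID or SAML-attribute choice in step 3, including the failure cases (attribute missing, empty, or multi-valued). The sample metadata and assertion are constructed inline with placeholder certificate text; the function names and the https-only endpoint rule are this example's own choices. It uses only the Python standard library and does no signature verification, which a SAML library must do before anything in an assertion is trusted.

```python
# Added example: pre-flight checks for a CertCentral SAML federation (not DigiCert code).
# check_idp_metadata() covers the IdP metadata step, resolve_identifier() the user
# identification step. Only feed these documents that a SAML library has already verified.
from typing import Optional
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample IdP metadata; the certificate values are placeholders, not real keys.
IDP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIC...SIGNING-PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIC...ENCRYPTION-PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed sample assertion carrying both identifier styles (NameID and an attribute).
ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"
    ID="_example" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups"><saml:AttributeValue>pki-admins</saml:AttributeValue>
      <saml:AttributeValue>developers</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_idp_metadata(metadata_xml: str) -> dict:
    """Return entityID, signing certs and SSO endpoints, or raise ValueError."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if not entity_id or idp is None:
        raise ValueError("not IdP metadata: need an entityID and an IDPSSODescriptor")
    signing_certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' means signing and encryption
            for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                signing_certs.append("".join((cert.text or "").split()))
    signing_certs = [c for c in signing_certs if c]
    if not signing_certs:
        raise ValueError("no signing certificate: the SP could not verify assertions")
    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        binding, location = svc.get("Binding"), svc.get("Location", "")
        if binding in (REDIRECT, POST):
            if not location.startswith("https://"):  # example's own rule: https only
                raise ValueError(f"SingleSignOnService {location!r} is not https")
            sso[binding] = location
    if not sso:
        raise ValueError("no HTTP-Redirect or HTTP-POST SingleSignOnService endpoint")
    return {"entity_id": entity_id, "signing_certs": signing_certs, "sso": sso}


def resolve_identifier(assertion_xml: str, attribute: Optional[str] = None) -> str:
    """Identifier used to match the CertCentral user: NameID, or the named attribute.

    Pass the single, signature-verified saml:Assertion rather than the whole Response,
    so a second injected assertion cannot be picked up by accident.
    """
    root = ET.fromstring(assertion_xml)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        raise ValueError("expected a saml:Assertion element")
    if attribute is None:
        nodes, what = root.findall("saml:Subject/saml:NameID", NS), "NameID"
    else:
        nodes = [v for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)
                 if a.get("Name") == attribute for v in a.findall("saml:AttributeValue", NS)]
        what = f"attribute {attribute!r}"
    values = [n.text.strip() for n in nodes if n.text and n.text.strip()]
    if not values:
        raise ValueError(f"{what} missing or empty: check the IdP's attribute mapping")
    if len(values) > 1:
        raise ValueError(f"{what} is multi-valued {values}: it cannot identify one user")
    return values[0]


if __name__ == "__main__":
    print(check_idp_metadata(IDP_METADATA))
    print(resolve_identifier(ASSERTION), resolve_identifier(ASSERTION, "email"))
```

Run it with python3 against the embedded samples, or swap IDP_METADATA for the XML you exported from your IdP. Two design points matter: a KeyDescriptor marked use="encryption" is skipped because only a signing key lets the SP verify assertions, and a multi-valued attribute such as groups is rejected outright rather than taking the first value, since an identifier that can resolve to more than one string cannot safely select one CertCentral account.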