DigiCert SAML Single Sign-On (SSO) integration

This topic contains procedures to configure DigiCert for Single Sign-On (SSO) in CyberArk Identity using SAML.

DigiCert SSO supported features

This application template supports the following features:

• IdP-initiated SSO

• SP-initiated SSO

Prerequisites for DigiCert SSO

Before you configure DigiCert for SSO, make sure you have an account in DigiCert with administrator access.

Configure the DigiCert application template in the Identity Administration portal

Step 1: Add the DigiCert web app template.

1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

   

2. On the Search page, enter the application name in the Search field and click the search button.

3. Next to the application name, click Add.

4. On the Add Web App page, click Yes to confirm.

5. Click Close to exit the Application Catalog.

   The application opens to the Settings page.

Step 2: Configure the Trust page

1. Click Trust to go to the Trust page.

2. In the Identity Provider Configuration section, select Metadata, then click Copy URL to copy the URL of the certificate.

   This URL is used later when you configure the SAML integration in DigiCert.

   

Step 3: Configure the Permissions page to grant DigiCert users SSO access

Grant SSO access to DigiCert by assigning permissions to users, groups, or roles.

1. On the Permissions page, click Add.

2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

   The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

3. Select the permissions you want and click Save.

   Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

   Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 4: Review and save

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure DigiCert for SAML single sign-on

Perform these steps in DigiCert to configure the DigiCert app template for SSO.

1. Sign in to DigiCert as an administrator.

2. Go to Settings > Single Sign On (SSO).

3. Click Edit Federation Settings.

4. In the Federation settings section, complete the following fields:

   Field	Action
   How will you send data from your IDP?	Select Use a Dynamic URL and enter the Identity Provider Login Page URL you copied from the CyberArk IdP configuration.
   How will you identify a user?	Select Use a SAML attribute and enter email.
   Federation Name	Enter a unique value, for example, your company name.

5. Click Save and Finish.

6. Go to the Single Sign-On page and download the Static XML Metadata file.

7. In the CyberArk Identity Administration portal, return to the Trust page, Service Provider Configuration. Click Choose File to upload the XML metadata file you just downloaded, then click Save.

   

Test the DigiCert SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and DigiCert, DigiCert users can benefit from SP-initiated SSO.

1. Sign in to CyberArk Identity with the user account you just added.

2. Click the DigiCert application tile to launch DigiCert in a new tab and automatically sign in.

1. Go to the login URL for your DigiCert account sign-in page.

2. Click Sign in with SSO.

3. Under Enter your identity provider, enter the federation name you previously defined, then click Next.

You are redirected to the IdP for authentication. After successful authentication, you are redirected back to DigiCert, which displays the web interface.

Additional information

See your DigiCert documentation for additional resources:

Configure SAML Single Sign-On