Integrate DigiCert with Conditional Access

In this topic, you will find general instructions on how to integrate DigiCert with Portnox™ Conditional Access for Applications.

Important: Before configuring SSO in DigiCert, you may need to contact DigiCert support to turn on single sign-on functionality for your organization.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with DigiCert.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Applications option.

  3. On the APPLICATIONS screen, click on the Add new SAML application button.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this application section.
  5. In the Application details section, enter an Application name and optionally a Description.

    In this example, we used the name DigiCert for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Open your DigiCert SSO configuration page

In this section, you will access your DigiCert single sign-on configuration page and set up SAML single sign-on.

  1. In another tab of your browser, open your DigiCert single sign-on configuration page by accessing the following URL: https://www.digicert.com/secure/settings/sso/.

    From now on, we will call this tab the DigiCert tab.

    Note: You can also access the main configuration page and then, in the left-hand side menu, select the SETTINGS > Single Sign-On option.

  2. In the Single Sign-on (SSO) pane, click on the Set up SAML button.

Copy configuration values from the Portnox tab to the DigiCert tab

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the DigiCert SAML SSO setup section.

  1. In the Portnox tab, in the SAML metadata section, click on the  ⧉  icon next to the URI field to copy the value.

  2. In the DigiCert tab, in the Federation settings section, click on the Use a dynamic URL option, and in the field below, paste the metadata URL copied from Portnox Cloud.

Enter configuration values in the Portnox tab

In this section, you will enter configuration values in the relevant fields in Portnox Cloud.

  1. In the Portnox tab, in the Application properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and enter the following value: https://www.digicert.com/account/sso/metadata.

  2. In the Portnox tab, in the Application properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and enter the following value: https://www.digicert.com/account/sso/.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and DigiCert.

  1. Finalize the configuration in the Portnox tab.
    1. Optional: In the POLICY ASSIGNMENTS section, change the setting to Application-based and then select an access control policy and a risk assessment policy if you want to control access to this application without using groups.
    2. Scroll all the way down to the end of the page, and then click on the Save button.

  2. Finalize the configuration in the DigiCert tab.
    1. Click on the Save SAML Settings button.

    2. Optional: In the left-hand side menu, select the ACCOUNT > Users option.
      Note: By default, all DigiCert users can log in using their DigiCert login and password or using single sign-on. If you want to allow them to log in only using Conditional Access (recommended), you must configure each user account individually. To avoid potential access problems, we recommend to leave one administrative user with an option to access DigiCert using login and password as well as SSO.

    3. Optional: Click on the name of the user to configure.

    4. Optional: In the User access section, activate the Only allow this user to log in through SAML/OIDC SSO checkbox to enforce single sign-on for this user.

    5. Optional: Click on the Update user button to save the user configuration.

Result: You have configured DigiCert to be accessible using Portnox Conditional Access for Applications.