Configure OIDC SSO
POST https://www.digicert.com/services/v2/sso/oidc/entity
Use this endpoint to set up single sign-on with your Identity Provider (IdP) using OpenID Connect (OIDC).
Prerequisites
Before using this endpoint, make sure you have access to and are familiar with your company's Identity Provider (IdP), such as PingOne or Okta. You need:
Permission to set up OIDC SSO for an application (CertCentral) in your IdP.
Access to the provider URL, client ID, and client secret for your OIDC service.
Example requests and responses
Request parameters
Name | Req/Opt | Type | Description |
---|---|---|---|
provider_url | required | string | URL for your Identity Provider (IdP). Get this value from your IdP service. |
client_id | required | string | Client ID from your IdP that CertCentral can use to identify itself in requests to your OIDC service. |
client_secret | required | string | Password from your IdP that CertCentral can use to authenticate requests to your OIDC service. |
friendly_name | required | string | Custom SSO provider friendly name. If |
scope_parameter | required | string | ID token claim attribute to match with the username. Allowed values: |
discoverable | optional | boolean | If true, your provider friendly name appears in the list of IdPs for anyone who visits DigiCert's public SSO pages. Default: false |
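
A pre-flight check for this request, added here as an example (not DigiCert's code). It builds the JSON body from the parameters in the table above, keeps `client_secret` out of logs, and leaves `discoverable` at its default of false. Assumptions: `provider_url` is treated as the OIDC issuer URL (OIDC Discovery requires `https` with no query or fragment), the `X-DC-DEVKEY` API key header is not shown on this page, and the environment variable names are hypothetical.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

ENDPOINT = "https://www.digicert.com/services/v2/sso/oidc/entity"
REQUIRED = ("provider_url", "client_id", "client_secret", "friendly_name", "scope_parameter")


def build_oidc_sso_body(provider_url, client_id, client_secret, friendly_name,
                        scope_parameter, discoverable=False):
    """Validate the fields from the request parameters table and return the body."""
    body = {"provider_url": provider_url, "client_id": client_id,
            "client_secret": client_secret, "friendly_name": friendly_name,
            "scope_parameter": scope_parameter, "discoverable": discoverable}
    missing = [k for k in REQUIRED if not isinstance(body[k], str) or not body[k].strip()]
    if missing:
        raise ValueError("missing required parameter(s): " + ", ".join(missing))
    url = urlsplit(provider_url)
    # Assumption: provider_url is the OIDC issuer, which must be https, no query/fragment.
    if url.scheme != "https" or not url.netloc or url.query or url.fragment:
        raise ValueError("provider_url must be an https URL without query or fragment")
    if not isinstance(discoverable, bool):
        raise ValueError("discoverable must be a boolean")
    return body


def redacted(body):
    """Copy of the body that is safe to log: the client secret is masked."""
    return {k: ("***" if k == "client_secret" else v) for k, v in body.items()}


def build_request(body, api_key):
    """Prepare (but do not send) the POST. X-DC-DEVKEY is not shown on this page."""
    return urllib.request.Request(
        ENDPOINT, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "X-DC-DEVKEY": api_key})


if __name__ == "__main__":
    # Hypothetical variable names; secrets come from the environment, not source.
    env = os.environ
    body = build_oidc_sso_body(env["OIDC_PROVIDER_URL"], env["OIDC_CLIENT_ID"],
                               env["OIDC_CLIENT_SECRET"], env["OIDC_FRIENDLY_NAME"],
                               env["OIDC_SCOPE_PARAMETER"])
    print("would POST:", redacted(body))
    req = build_request(body, env["DIGICERT_API_KEY"])
    # urllib.request.urlopen(req) sends the request.
```
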
Errors
Status | Code | Description |
---|---|---|
400 | invalid_value\|provider_url | The provider URL is invalid. Make sure you have the correct provider URL and try again. You can get the provider URL for your OIDC service from your IdP. |
400 | friendly_name_exists_already | The friendly name already exists. Choose a unique friendly name and try again. |
400 | invalid_value\|scope_parameter | The ID token claim attribute is invalid. Use one of these allowed values: |