Configure OIDC SSO
POST
https://www.digicert.com/services/v2/sso/oidc/entity
Use this endpoint to set up single sign-on with your Identity Provider (IdP) using OpenID Connect (OIDC).
Prerequisites
Before using this endpoint, make sure you have access to and are familiar with your company’s Identity Provider (IdP), such as PingOne or Okta. You need:
- Permission to set up OIDC SSO for an application (CertCentral) in your IdP.
- Access to the provider URL, client ID, and client secret for your OIDC service.
Example requests and responses
cURL
```bash
curl --request POST 'https://www.digicert.com/services/v2/sso/oidc/entity' \
  --header 'X-DC-DEVKEY: {{api_key}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "provider_url": "https://provider.example.com/",
    "client_id": "client_id",
    "client_secret": "client_secret",
    "friendly_name": "Public Friendly Name",
    "scope_parameter": "preferred_username",
    "discoverable": true
  }'
```
201 Created
// No content
Request parameters
| Name | Req/Opt | Type | Description |
|---|---|---|---|
| provider_url | required | string | URL for your Identity Provider (IdP). Get this value from your IdP service. |
| client_id | required | string | Client ID from your IdP that CertCentral can use to identify itself in requests to your OIDC service. |
| client_secret | required | string | Password from your IdP that CertCentral can use to authenticate requests to your OIDC service. |
| friendly_name | required | string | Custom SSO provider friendly name. If discoverable is true, this friendly name is visible to anyone who visits DigiCert’s public SSO login pages. |
| scope_parameter | required | string | ID token claim attribute to match with the username. Allowed values: |
| discoverable | optional | boolean | If true, your provider friendly name appears in the list of IdPs for anyone who visits DigiCert’s public SSO pages. Default: false |
Errors
| Status | Code | Description |
|---|---|---|
| 400 | invalid_value | provider_url |
| 400 | friendly_name_exists_already | The friendly name already exists. Choose a unique friendly name and try again. |
| 400 | invalid_value | scope_parameter |
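The same request built in Python, as an added example that is not DigiCert's code: the API key and client secret are read from environment variables so they stay out of shell history and the process list, and the settings are checked locally before anything is sent. The `build_oidc_request` helper, the environment variable names, and the https-only check on `provider_url` are assumptions made for this example.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

ENDPOINT = "https://www.digicert.com/services/v2/sso/oidc/entity"
REQUIRED = ("provider_url", "client_id", "client_secret",
            "friendly_name", "scope_parameter")


def build_oidc_request(api_key, settings):
    """Validate settings locally and return an unsent urllib Request."""
    missing = [k for k in REQUIRED
               if not isinstance(settings.get(k), str) or not settings[k].strip()]
    if missing:
        raise ValueError("missing or empty: " + ", ".join(missing))
    url = urlsplit(settings["provider_url"])
    # Local pre-check (assumption, not DigiCert's documented rule):
    # OIDC issuers are https URLs, so reject anything else before sending.
    if url.scheme != "https" or not url.hostname:
        raise ValueError("provider_url must be an https URL")
    # discoverable=true publishes friendly_name on public SSO pages,
    # so require an explicit boolean and default to the documented false.
    discoverable = settings.get("discoverable", False)
    if not isinstance(discoverable, bool):
        raise ValueError("discoverable must be true or false")
    body = {k: settings[k] for k in REQUIRED}
    body["discoverable"] = discoverable
    return urllib.request.Request(
        ENDPOINT,
        data=json.dumps(body).encode("utf-8"),
        headers={"X-DC-DEVKEY": api_key, "Content-Type": "application/json"},
        method="POST",
    )


if __name__ == "__main__":
    # Secrets come from the environment (hypothetical variable names),
    # so they never appear in shell history or the process list.
    req = build_oidc_request(os.environ["DIGICERT_API_KEY"], {
        "provider_url": os.environ["OIDC_PROVIDER_URL"],
        "client_id": os.environ["OIDC_CLIENT_ID"],
        "client_secret": os.environ["OIDC_CLIENT_SECRET"],
        "friendly_name": "Public Friendly Name",
        "scope_parameter": "preferred_username",
    })
    with urllib.request.urlopen(req) as resp:
        print(resp.status)  # the page documents 201 Created on success
```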