DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Discovery and Automation capabilities when SAML is enabled on CertCentral Account

Solution ID : SO050221222202
Last Modified : 10/21/2023


  1. Automation is behaving erratic when user tries to create profile or perform an automation tasks (not able to add profile etc)
  2. Discovery notifications are not working even when enabled.


CertCentral supports enabling SAML on an account. This allows customers to use their SSO credentials to login to CertCentral (e.g. Okta etc.)

For a given user CertCentral also allows administrators to limit the user to only login using SSO.

If this option is enabled for a user, CertCentral doesn’t allow users to login using their password or to create API-KEYS.

Discovery and Automation rely on API-KEYS to interface with CertCentral. Hence for users who have enabled SSO only option, these features will not work. 


Check if discovery and automation API keys exist for the user.

  1. Disable SSO only option at user level.
  2. If SSO has to be enforced by the customer, then as a workaround
            1. Disable SSO only option
            2. Ask user to login to the account and
                access discovery and automation sections
            3. API key will be auto generated
            4. Enable SSO only option
Note: the above steps will need to be repeated if the API-KEY is revoked for any reason.