...

SWAMID has added the needed attribute release at the end of the current best practice Example of a standard attribute filter for Shibboleth IdP v3.4.0 and above. If your Identity Provider uses this example filter, uncomment the release configuration for Sectigo SCM and the correct attributes will be released.

Test that your IdP is correctly configured

After your Identity Provider administrators have configured the attribute release, you can test it at https://cert-manager.com/customer/sunet/ssocheck. In this test only eduPersonPrincipalName and mail are required, but for the upcoming personal certificates givenName, sn and displayName (not displayed in the test) will be required.
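Because the test page does not display givenName, sn and displayName, a local check of a decoded assertion can cover them. The following is an added example, not SWAMID or Sectigo code; it assumes the IdP releases attributes under their standard urn:oid names, and the sample AttributeStatement is constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Standard urn:oid names for the attributes this page lists.
REQUIRED_NOW = {
    "eduPersonPrincipalName": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
    "mail": "urn:oid:0.9.2342.19200300.100.1.3",
}
REQUIRED_FOR_PERSONAL_CERTS = {
    "givenName": "urn:oid:2.5.4.42",
    "sn": "urn:oid:2.5.4.4",
    "displayName": "urn:oid:2.16.840.1.113730.3.1.241",
}

# Constructed sample (not real data): givenName is released but empty.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName">
    <saml:AttributeValue>alice@example.org</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
    <saml:AttributeValue>alice@example.org</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.42" FriendlyName="givenName">
    <saml:AttributeValue></saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def released_attributes(statement_xml):
    """Map attribute Name -> list of non-empty values.
    Intended for an assertion captured from your own test login."""
    root = ET.fromstring(statement_xml)
    released = {}
    for attr in root.iter("{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
        released.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return released

def missing(statement_xml, required):
    """Friendly names of required attributes that are absent or empty."""
    released = released_attributes(statement_xml)
    return sorted(name for name, oid in required.items() if not released.get(oid))

if __name__ == "__main__":
    print("missing for SSO check:", missing(SAMPLE_STATEMENT, REQUIRED_NOW))
    print("missing for personal certificates:", missing(SAMPLE_STATEMENT, REQUIRED_FOR_PERSONAL_CERTS))
```

An attribute that is released with an empty value is reported as missing, since it would not satisfy the requirement either.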

Further configuration

When you have verified that your IdP is correctly configured, you can go on to configure use of SAML authentication:

  • To use federated login in the SCM portal you need to go into all your current RAO and DRAO admin accounts (Admins) and change the field Identity provider to "Your institution" and the field IdP Person Id to

...

  • the ePPN (eduPersonPrincipalName) of the admin. If you don't do this manual mapping of eduPersonPrincipalName to the admin account, a much less secure automatic mapping by mail address will be done at first SAML login.

...

  • Right now there is an annoying known bug when using the SAML integration. The SAML integration picks up the name from the SAML assertion but doesn't handle character encoding correctly.
  • See above under "Allowing non-admins to request certificates" for information about "Self Enrollment via SAML" for SSL certificates.

Using the REST API

Sectigo REST API documentation can be found at https://support.sectigo.com/Com_KnowledgeProductPage?c=Sectigo_Certificate_Manager_SCM in the "SCM - Sectigo Certificate Manager REST API" document.

...