Enable certificate-based authentication for the IdP
How to enable and configure certificate-based authentication for an identity provider (IdP).
To use this feature, you must Add a certificate to EAA from a trusted certificate authority (CA) to validate the client certificate. The client certificate must be uploaded to the user’s device.
Before you begin
If you want to create a new OCSP, see Create an online certificate status protocol (OCSP) and then return to this procedure.
Note: If you are modifying a previously created identity provider (IdP), changes to the IdP do not take effect until the applications associated with the IdP are deployed.
- Log in to the Enterprise Application Access (EAA) Management Portal.
- From the top menu bar, click .
- Locate the IdP that you want to enable for certificate-based authentication.
- Click the Settings (gear) icon to modify or configure the settings of the identity provider.
- In the General Settings, select the Certificate validation setting.
- Select the CA certificate issuer that you want to use to validate the end user’s certificate.
- In the Certificate identity attribute menu, select the attribute in the certificate for the username.
In the Certificate validation
method menu, select either None or
- If you select OCSP, the Select OCSP field appears.
- Select an OCSP from the list.
Optionally, in the Certificate Onboard
URL field, enter the URL where the user is redirected if no
certificate is provided.
Note: Leave the Certificate identity is username checkbox unselected.
- To save the changes click Save and exit or Save and go to directories.
For the changes to go into effect, Deploy the identity provider.