Configure two-factor authentication requirements for your account

To add a second form of identity verification to your sign in process, you need to configure the two-factor authentication requirements for your account. You can configure a requirement for all users and for individual users as needed.

Before you begin

For accounts configured to use the Client Certificate or the One-Time Password (OTP) option, you can only configure requirements for individual users. These types of account configurations require all account members to use their username and password and a second form of authentication to sign in to their account: client certificate or one-time password.

Configure a two-factor authentication requirement

  1. In your CertCentral account, in the left main menu, go to Settings > Authentication Settings.

  1. In the Two-Factor Authentication Requirements section, click Add New Requirement.

  1. Authentication Type

    On the Add Two Factor Requirement page, under Authentication Type, select the second form of authentication you want to require:

    • One-Time Password (OTP)
      • Applying this rule will require users to initialize their OTP app or device and generate a one-time password the next time they sign in.
      • OTP authentication requires the use of any mobile app that supports the Time-Based One-Time Password (TOTP) protocol.
    • Client Certificate
      • Applying this rule will require users to generate a client certificate in their browser the next time they sign in.
      • Internet Explorer (Windows) and Safari (Mac) are the only browsers that support client certificate generation.

  1. Apply Rule To

    Under Apply Rule To, select who you want the rule to apply to:

    • All account users
      Sets an account level two-factor authentication requirement.
    • Specific user
      In the dropdown, select the user the rule should apply to.

  1. Click Create Requirement.

What's next

On the Authentication Settings page (in the left main menu, go to Settings > Authentication Settings), in the Two-Factor Authentication Requirements section, each new two-factor authentication rule/requirement is added to the table.

Additionally, as users sign in and generate client certificates and initialize OTP apps or devices, they are added to the applicable table—One-Time Password (OTP) Devices or Issued Client Certificates.

Über

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.