Configure two-factor authentication
CertCentral requires two-factor authentication (2FA) for all accounts. Two-factor authentication (2FA) verifies identity through two forms: a username and password, and a second factor such as a one-time password (OTP) or a client certificate.
Administrators set the account-wide default second factor and can create user-specific requirements that override that default. Authentication settings apply to all users who sign in to CertCentral.
Configure two-factor authentication in Settings > Authentication Settings.
This section covers:
Setting the default second factor for all account users
Creating user-specific 2FA requirements that override the account default
Enabling 30-day device verification for OTP app authentication
Managing 2FA recovery options, including OTP resets and client certificate regeneration