Configure two-factor authentication requirements for your account

To add a second form of identity verification to your sign-in process, configure the two-factor authentication requirements for your account. You can configure a requirement for all users or for individual users, as needed.

Before you begin

For accounts configured to use the Client Certificate or the One-Time Password (OTP) option, you can only configure requirements for individual users. These account configurations already require all account members to sign in with their username and password plus a second form of authentication: a client certificate or a one-time password.

Configure a two-factor authentication requirement

  1. In your CertCentral account, in the left main menu, go to Settings > Authentication Settings.

  2. In the Two-Factor Authentication Requirements section, click Add New Requirement.

  3. Authentication Type

    On the Add Two Factor Requirement page, under Authentication Type, select the second form of authentication you want to require:

    • One-Time Password (OTP)
      • Applying this rule will require users to initialize their OTP app or device and generate a one-time password the next time they sign in.
      • OTP authentication requires the use of any mobile app that supports the Time-Based One-Time Password (TOTP) protocol.
    • Client Certificate
      • Applying this rule will require users to generate a client certificate in their browser the next time they sign in.
      • Internet Explorer (Windows) and Safari (Mac) are the only browsers that support client certificate generation.

  4. Apply Rule To

    Under Apply Rule To, select who you want the rule to apply to:

    • All account users
      Sets an account level two-factor authentication requirement.
    • Specific user
      In the dropdown, select the user the rule should apply to.

  5. Click Create Requirement.

What's next

Each new two-factor authentication rule/requirement is added to the table in the Two-Factor Authentication Requirements section of the Authentication Settings page (in the left main menu, go to Settings > Authentication Settings).

Additionally, as users sign in and generate client certificates or initialize OTP apps or devices, they are added to the applicable table: One-Time Password (OTP) Devices or Issued Client Certificates.