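Configure two-factor authentication requirements for your account

For accounts configured to use a one-time password (OTP) as the second factor, you can only configure client certificate requirements for individual users. For accounts configured to use a client certificate as the second factor, you can only configure one-time password (OTP) requirements for individual users.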

Before you Begin

  • One-time password (OTP) default setting

    For accounts that use a one-time password (OTP) app by default, you don't need to configure OTP app requirements for users. When a user signs in, they must initialize their OTP app and enter the temporary password before accessing their account.

    You can configure new two-factor authentication requirements and allow users to authenticate using OTP email verification or client certificates.

  • Client certificate default setting

    For accounts configured to use a client certificate by default, you don't need to configure client certificate requirements for your users. When a user signs in, they must generate a client certificate and install it on their device before accessing their account.

    To complete the two-factor authentication process, the user must sign in from the device where the certificate is installed so they can present it when the browser requires it.

    You can configure new two-factor authentication requirements and allow users to authenticate with an OTP app or OTP verification email.

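Configure two-factor authentication requirements

  1. In your CertCentral account, in the left main menu, go to Settings > Authentication Settings.

  2. In the Two-factor authentication requirements section, click Add new requirement.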

  3. In the Add 2FA requirement side panel, in the Apply rule to dropdown, select the user you want the requirement to apply to.

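  4. On the "Add two-factor requirement" page, under "Authentication type", select the second form of authentication you want to require:

    • Client certificate

      • Applying this rule requires the user to generate a client certificate in their browser the next time they sign in.

      • The following browsers support DigiCert KeyGen client certificate generation:

        • Windows: Chrome, Firefox, and Microsoft Edge

        • macOS: Chrome, Firefox, and Safari

    • One-time password (OTP)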

      Under OTP authentication methods, you can check one or both methods. If you check both methods, the user can choose which method to use each time they sign in.

      • Email

        The next time the user signs in, CertCentral sends a temporary password to the email address in their CertCentral account Profile Settings.

      • App/device

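        OTP authentication requires a mobile app that supports the time-based one-time password (TOTP) protocol. Any app that supports it can be used.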

        DigiCert-tested apps:

        • Google Authenticator: Android, iPhone, Blackberry

        • Authy: Android, iPhone

        • Authenticator: Android, iPhone, Windows Phone

        • Duo Mobile: iPhone

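  5. Select Create requirement.

What's next

Each new two-factor authentication rule/requirement is added to the table in the "Two-factor authentication requirements" section of the Authentication Settings page (in the left main menu, go to Settings > Authentication Settings).

Additionally, as users sign in, generate client certificates, and initialize OTP apps or devices, they are added to the applicable table: One-time password (OTP) devices or Issued client certificates.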