
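Configure two-factor authentication requirements for your account

For accounts configured to use a one-time password (OTP) as their second form of authentication, you can only configure client certificate requirements for individual users. For accounts configured to use a client certificate as their second form of authentication, you can only configure one-time password (OTP) requirements for individual users.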

Before you Begin

  • One-time password (OTP) default setting

    For accounts that use a one-time password (OTP) app by default, you don't need to configure OTP app requirements for users. When a user signs in, they must initialize their OTP app and enter the temporary password before accessing their account.

    You can configure new two-factor authentication requirements and allow users to authenticate using OTP email verification or client certificates.

  • Client certificate default setting

    For accounts configured to use a client certificate by default, you don't need to configure client certificate requirements for your users. When a user signs in, they must generate a client certificate and install it on their device before accessing their account.

    To complete the two-factor authentication process, the user must sign in from the device on which the certificate is installed so they can present it when required by the browser.

    You can configure new two-factor authentication requirements and allow users to authenticate with an OTP app or OTP verification email.

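Configure two-factor authentication requirements

  1. In your CertCentral account, in the left main menu, go to Settings > Authentication Settings.

  2. In the Two-factor authentication requirements section, click Add new requirement.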

  3. In the Add 2FA requirement side panel, in the Apply rule to dropdown, select the user you want the requirement to apply to.

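  4. On the Add two-factor requirement page, under Authentication type, select the second form of authentication you require:

    • Client certificate

      • Applying this rule requires the user to generate a client certificate in their browser the next time they sign in.

      • The following browsers support DigiCert KeyGen client certificate generation:

        • Windows: Chrome, Firefox, and Microsoft Edge

        • macOS: Chrome, Firefox, and Safari

    • One-time password (OTP)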

      Under OTP authentication methods, you can check one or both methods. If you check both methods, the user can choose which method to use each time they sign in.

      • Email

        The next time the user signs in, CertCentral sends a temporary password to the email address in their CertCentral account Profile Settings.

      • App/device

        OTP authentication requires a mobile app that supports the time-based one-time password (TOTP) protocol.

        DigiCert-tested apps:

        • Google Authenticator: Android, iPhone, Blackberry

        • Authy: Android, iPhone

        • Authenticator: Android, iPhone, Windows Phone

        • Duo Mobile: iPhone

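  5. Click Create requirement.

What's next

On the Authentication Settings page (in the left main menu, go to Settings > Authentication Settings), in the Two-factor authentication requirements section, each new two-factor authentication rule/requirement is added to the table.

Additionally, as users sign in and generate client certificates and initialize one-time password (OTP) apps or devices, they are also added to the applicable table: One-time password (OTP) devices, Issued client certificates.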