Contents x
    Add authentication with certificate
    • 2 minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Add authentication with certificate

    • 2 minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Physical or virtual X.509 certificates

    Caution

    For certificate support to be enabled, our support team must be contacted so that the senhasegura instance can recognize the CA and the CA chain can be configured to use at the web interface login.

    Although they are in the same menu structure as other authentication provider technologies, using X.509 certificates in senhasegura complements an MFA step. The certificate will be linked to the senhasegura user's account, making it mandatory to use this certificate to log in.

    The administrator will have the option to make the use of the certificate mandatory in the following scenarios:

    • Mandatory login on the senhasegura Web platform

    • Mandatory senhasegura RDP Proxy sessions

    • Mandatory senhasegura Terminal Proxy sessions

    Enabling mandatory settings

    Info

    When enabled to force the use of digital certificates as MFA, every single senhasegura user will be forced to use it.

    Force all users to use digital certificates

    The following option will require users to log in using an X.509 certificate.

    At the first login, the certificate used will be linked to the user, and from this point on, all subsequent logins will require the use of this related certificate.

    Through the menu Settings ➔ System Parameters ➔ Security, you will have access to the option Force the use of digital certificate for all users.


    image.pngsecurity configuration

     


    Force use of digital certificate in proxy sessions

    Info

    When activating this option, the user must log in to the web interface using a valid X.509 certificate before logging in to a proxy session.

    Through the menu Settings ➔ System Parameters ➔ System Parameters, you have access to the Security section. In this screen, you can access the fields Force authentication with certificate.


    image.pngSystem setup

     

    Auditing logins via certificate

    Certified Certification Authorities

    For a CA to be considered reliable for senhasegura, a senhasegura professional must have manually configured the server to accept the CA. Still, the administrator can decide whether to revoke the use of the CA.

    Through the menu Settings ➔ Authentication ➔ Digital Certificate ➔ Authorities, you have access to the certificate authorities approved as issuing login certificates.

    You can view your details or inactivate an authority. In this case, all certificates from this CA will be prevented from logging on to the platform.

    Listing used certificates

    Through the menu Settings ➔ Authentication ➔ Digital certificate ➔ Certificates, the administrator can view details of the certificate and which user account senhasegura is linked to. Through this screen, the administrator can even revoke the use of a certificate. In this case, the user must link a new certificate to log in.

    It is important to remember that if the administrator wants to block a user's access, he must inactivate the access account. Revoking a certificate will not revoke the access account.

    Certificate usage log

    Through the menu Settings ➔ Authentication ➔ Digital certificate ➔ Certificates, you have access to a detailed report of the events that a user has used an X.509 certificate.

    Was this article helpful?
    What's Next
    Digital sovereignty is a fundamental right for citizens, institutions, and society. That’s why we work every day.
    Connect With Us
    SENHASEGURA
    LEARN
    EXPLORE
    Copyright © senhasegura. All Rights Reserved