Configuring Client Certificate Authentication
This page describes steps to configure Client Certificate Authentication.
Client Certificate Authentication is offered as a paid option.The setting procedure described in this page cannot be performed before signing up for the trial or starting your subscription.
STEP 1: Allowing Users to Use the Client Certificate Authentication
Allow appropriate users to use Client Certificate Authentication.
You can use either of the following procedures:
STEP 2: Issuing Client Certificates
Issue a client certificate for each user who will use Client Certificate Authentication.
-
Click the gear-shaped menu button in the header.
-
Click Users & System Administration.
-
Click Create & Download.
-
Select the department to which a target user belongs.
When the target user does not belong to any department, select "Users Not Yet Assigned". -
Select the state of the client certificate to narrow down the target users, if necessary.
-
Select the checkbox for the user you want.
You can select multiple users.
-
Set the expiration date.
By default, the date is set to one year later.
-
Select whether to revoke the existing client certificate.
When you select "Removing existing client certificates before re-issuing them", you can no longer use the existing client certificate. -
Click Create.
Expiration date of client certificate
When a client certificate expires, the user can no longer use Client Certificate Authentication to access a service. When you want to continue using Client Certificate Authentication, reissue a client certificate and install it on the devices again.
Renewing Client Certificates on Devices
The client certificate is valid for a maximum of 3 years. The expiration date of a client certificate is based on the time zone of the administrator who issued the certificate.
For Safari running on iPhone, after a client certificate expires, the user might be still allowed to use a service for up to 10 minutes until the session cache expires.
STEP 3: Installing Client Certificates on Devices
This section describes the steps for administrators to install client certificates on devices.
Provide users with the following page to ask them to install their client certificate by themselves.
Installing Client Certificates on Devices
-
Prohibit users from downloading their client certificate, if necessary.
By default, users are allowed to download client certificates.
Preventing users from downloading their client certificates -
Download client certificates.
Downloading multiple users' client certificates in bulk -
Install the client certificate.
As for the detailed steps, refer to the following page:
Adding a client certificate
Preventing Users from Downloading Their Client Certificates
-
Click the gear-shaped menu button in the header.
-
Click Users & System Administration.
-
Click Download Permissions.
-
Clear "Allow users to download their client certificates".
-
Click Save.
Downloading Multiple Users' Client Certificates in Bulk
-
Click the gear-shaped menu button in the header.
-
Click Users & System Administration.
-
Click Create & Download.
-
Select the department to which a target user belongs.
When the target user does not belong to any department, select "Users Not Yet Assigned" or "All Users".
-
Select "Valid".
-
Select the checkbox for the user you want.
-
Click Download.
A zip file is downloaded that contains a set of the client certificate and password for the user.
STEP 4: Configuring IP Address Restrictions
For details, refer to the following page:
IP Address Restrictions