Setting up attribute matching

TRITON Manager Help | Web, Data, and Email Protection Solutions | v8.2.x

Use the TRITON Settings > Two-Factor Authentication > Configure Attribute Matching page to define the administrator LDAP property that matches against a property in the certificate provided.

Under Administrator Property, select the property from your user directory that will be used to match against the administrator's certificate. This can be:

The administrator Email address (local and network accounts)

LDAP distinguished name (network accounts only)

User name (local and network accounts)

A Custom LDAP field (network accounts only)


	Note If you are using a generic LDAP user directory, you must specify a custom field.

If you have defined a custom LDAP field, click Verify Administrator Property to confirm that the property exists in your user directory. Select a network administrator account to verify against.


	Note Verify Administrator Property is available only if you have configured your user directory in TRITON Manager, and you have set up at least one network administrator account.

When you save the settings on this page, the custom property is imported for all applicable accounts (network only, or local and network accounts) in TRITON Manager. If you need to change this field at a later date, click Update Property to import the new attribute matching value.

Under Certificate Property, select the property in the administrator's logon certificate to match against the LDAP property that you defined:

The email (RFC822) attribute of the subjectAltName field. Select this if you are matching against the administrator email address in your user directory

The Subject distinguished name, which defines the entity associated with this certificate

The unique serial number for each certificate issued by a particular Certification Authority (CA).

Click OK.

The properties that you selected are displayed in the Certificate Matching area on the TRITON Settings > Two-Factor Authentication page.