Setting up attribute matching

Security Manager Help | Web, Data, and Email Protection Solutions | v8.4.x

Use the Global Settings > General > Two-Factor Auth > Configure Attribute Matching page to define the administrator LDAP property that matches against a property in the certificate provided.

Under Administrator Property, select a property from the administrator user directory to use to match against the administrator's certificate. This can be:

The administrator Email address (local and network accounts)

LDAP distinguished name (network accounts only)

User name (local and network accounts)

A Custom LDAP field (network accounts only)


	Note If you are using a generic LDAP user directory, you must specify a custom field.

If you have defined a custom LDAP field, click Verify Administrator Property to confirm that the property exists in your user directory. Select a network administrator account to verify against.


	Note The Verify Administrator Property button appears only if you have configured a user directory in Global Settings, and set up at least one network administrator account.

When you save the settings on this page, the custom property is imported for all applicable accounts (network only, or local and network accounts) in the Security Manager. To change this field at a later date, click Update Property to import the new attribute matching value.

Under Certificate Property, select the property in the administrator's logon certificate to match against the LDAP property that you defined:

The email (RFC822) attribute of the subjectAltName field. Select this if you are matching against the administrator email address in your user directory.

The Subject distinguished name, which defines the entity associated with this certificate.

The unique serial number for each certificate issued by a particular Certification Authority (CA).

Click OK.

The properties that you selected are displayed in the Certificate Matching area on the General > Two-Factor Auth page.