Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Setting up attribute matching
Security Manager Help | Web, Data, and Email Protection Solutions | v8.5.x
Use the page Global Settings > General > Two-Factor Auth > Configure Attribute Matching to define the administrator LDAP property that matches against a property in the certificate provided.
To configure attribute matching:
1.
From the page Global Settings > General > Two-Factor Auth, follow the steps under Configuring two-factor authentication to enable certificate authentication.
2.
In the section Certificate Matching, click Configure Attribute Matching.
The Attribute Matching page displays.
3.
In the section Administrator Property, select a property from the administrator user directory to use to match against the administrator's certificate. This can be:
*
The administrator Email address (local and network accounts)
*
LDAP distinguished name (network accounts only)
*
User name (local and network accounts)
*
A Custom LDAP field (network accounts only)
 
Note 
4.
If you have defined a custom LDAP field, click Verify Administrator Property to confirm that the property exists in your user directory. Select a network administrator account to verify against.
 
Note 
When you save the settings on this page, the custom property is imported for all applicable accounts (network only, or local and network accounts) in the Security Manager. To change this field at a later date, click Update Property to import the new attribute matching value.
5.
In the Certificate Property section, select the property in the administrator's logon certificate to match against the LDAP property that you defined:
*
*
*
6.
Click OK.
The configured properties display in the Certificate Matching section on the page General > Two-Factor Auth.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2018 Forcepoint. All rights reserved.