Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring Global Settings > Configuring two-factor authentication > Setting up attribute matching
Setting up attribute matching
Security Manager Help | Web, Data, and Email Protection Solutions | v8.5.x
Use the page Global Settings > General > Two-Factor Auth > Configure Attribute Matching to define the administrator LDAP property that matches against a property in the certificate provided.
To configure attribute matching:
1.
From the page Global Settings > General > Two-Factor Auth, follow the steps under Configuring two-factor authentication to enable certificate authentication.
2.
In the section Certificate Matching, click Configure Attribute Matching.
The Attribute Matching page displays.
3.
In the section Administrator Property, select a property from the administrator user directory to use to match against the administrator's certificate. This can be:
*
The administrator Email address (local and network accounts)
*
LDAP distinguished name (network accounts only)
*
User name (local and network accounts)
*
A Custom LDAP field (network accounts only)
 
* 
Note 
If you are using a generic LDAP user directory, you must specify a custom field.
4.
If you have defined a custom LDAP field, click Verify Administrator Property to confirm that the property exists in your user directory. Select a network administrator account to verify against.
 
* 
Note 
The Verify Administrator Property button appears only if you have configured a user directory in Global Settings and set up at least one network administrator account.
When you save the settings on this page, the custom property is imported for all applicable accounts (network only, or local and network accounts) in the Security Manager. To change this field at a later date, click Update Property to import the new attribute matching value.
5.
In the Certificate Property section, select the property in the administrator's logon certificate to match against the LDAP property that you defined:
*
The email (RFC822) attribute of the subjectAltName field. Select this if you are matching against the administrator email address in your user directory.
*
The Subject distinguished name (DN), which defines the entity associated with this certificate.
*
The unique serial number for each certificate issued by a particular Certification Authority (CA).
6.
Click OK.
The configured properties display in the Certificate Matching section on the page General > Two-Factor Auth.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring Global Settings > Configuring two-factor authentication > Setting up attribute matching
Copyright 2018 Forcepoint. All rights reserved.