Logging on with certificate authentication

Before you begin

When certificate authentication is enabled, the process works as described in How certificate authentication works.

If no certificate match is found, the logon process depends on the fallback options that have been set up:

Steps

  • Attribute matching checks if the client certificate contains a property matching a specific LDAP attribute in the configured user directory.
  • Password authentication can be enabled in case certificate matching and attribute matching fail.

Next steps

If neither of these options is available, administrators cannot log on without a matching certificate.

If all administrator accounts are configured to use certificate authentication, and an issue arises in which administrators do not have client certificates or certificate matching is failing, it is possible to log on to the Security Manager as follows:

  1. Open a browser on the Forcepoint management server machine (for example, via a Remote Desktop Connection).
  2. Go to the URL https://127.0.0.1:9443/ (or https://localhost:9443/).
  3. Log on using the admin user name and password.

Next, configure certificate authentication options to provide a fallback for other administrators (see Configuring two-factor authentication).