Access: User Account as Client Certificate Account
Adding a Client Certificate Account
The following describes how to add a new client certificate user account for the Next Generation Hardware Appliance. Adding a new user account also allows you to remove the Initial OTP User to avoid security concerns.
You need to add at least one trusted Certificate Authority (CA) and the corresponding certificate before you can use a Client Certificate account.
Proceed as follows to create a new User Account for the appliance:
Log in to your Next Generation Hardware Appliance.
Open the Access page.
In the section User Accounts, click Add User Account.
The corresponding form will open. Enter the required information.
For Authentication Type, select the option Client Certificate.
Under Certificate Details, the X.509 Match Type is already preselected.
The default in the list, and the recommended match type, is the Certificate serial number.
Specify the Match Value for the selected Match Type.
Click Add User Account to confirm your entries. The new User appears in the list of User Accounts.
Since the appliance is often managed by different persons, you should remove the Initial OTP User once you have created a new user account in order to avoid security issues. If you are logged in with the Initial OTP user account, you need to log in again using the newly added user account before removing the initial account.
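Before filling in the form, you can read the certificate serial number for the Match Value with OpenSSL and confirm that the certificate chains to the CA you added as trusted. The script below is an added example, not part of the appliance documentation; the throwaway CA, the client certificate, the file names and the serial 0x1A2B3C4D are constructed for the demonstration. The notation the appliance form expects for the serial number is not stated on this page, so compare the printed hex value with what the form accepts.

```shell
#!/bin/sh
# Added example: pre-checks before entering a Match Value in the appliance form.
# The CA, client certificate and file names below are constructed demo input.

# Print the certificate serial number as hex (OpenSSL prints "serial=<HEX>").
cert_serial() {
    openssl x509 -in "$1" -noout -serial | sed 's/^serial=//'
}

# Succeed only if the client certificate ($2) chains to the CA certificate ($1),
# i.e. the CA that must already be trusted on the appliance.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway CA and a client certificate with a known serial (demo input).
make_constructed_pair() {
    d=$1
    openssl ecparam -genkey -name prime256v1 -noout -out "$d/ca.key" &&
    openssl req -new -x509 -key "$d/ca.key" -subj "/CN=Constructed Test CA" \
        -days 1 -out "$d/ca.pem" &&
    openssl ecparam -genkey -name prime256v1 -noout -out "$d/client.key" &&
    openssl req -new -key "$d/client.key" -subj "/CN=constructed-admin" \
        -out "$d/client.csr" &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 0x1A2B3C4D -days 1 -out "$d/client.pem" 2>/dev/null
}

DEMO_DIR=$(mktemp -d)
make_constructed_pair "$DEMO_DIR" || { echo "openssl setup failed" >&2; exit 1; }

if cert_chains_to "$DEMO_DIR/ca.pem" "$DEMO_DIR/client.pem"; then
    echo "chain OK; Match Value (serial, hex): $(cert_serial "$DEMO_DIR/client.pem")"
    # Subject, issuer and expiry help confirm this is the intended certificate.
    openssl x509 -in "$DEMO_DIR/client.pem" -noout -subject -issuer -enddate
else
    echo "certificate does not chain to the trusted CA; do not add it" >&2
fi
```

With your own files, call cert_chains_to with the CA certificate you uploaded and the user's client certificate, then cert_serial on the client certificate.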
Secure Account Management
The Next Generation Hardware Appliance is designed to prevent you from locking yourself out of the system. The Remove button is inactive for the currently logged-in user (OTP, OAuth or client certificate), ensuring that they cannot remove their own access.
For a client certificate account you need to add the correct Match Type for the first Match Value rule that you specify.