Use this guide as a reference to configure a SecureAuth IdP realm that utilizes X.509 certificate enrollment.
This is commonly used for VPN integrations that require certificates for Multi-Factor Authentication access.
Depending on how end-users will access the VPN, specific workflows can be configured on top of these configuration steps
Refer to Standard 2-Factor Authentication Workflow Configuration, Username Only or Username and Password Only Workflow Configuration, Valid Persistent Token + Registration Code Workflow Configuration, or Validate Persistent Token Only or Valid Persistent Token + Password Workflow Configuration for more specific workflow options
1. In the Product Configuration section, select Certificate Enrollment Only from the Integration Method dropdown
In versions 9.0.1+, this step is located in the Device Recognition Method section
Click Save once the configurations have been completed and before leaving the Workflow page to avoid losing changes
2. Select Native Mode Cert Landing Page from the Authenticated User Redirect dropdown
Click Save once the configurations have been completed and before leaving the Post Authentication page to avoid losing changes