About Certificate Conditions

Secure Access also supports certificate and RADIUS authentication for remote access VPN connection profiles.

A VPN user is authenticated with both a client certificate and a SAML server. The client certificate is installed on every user's device and is validated against one or more CA certificates to verify identity. SAML is an open standard that allows identity providers (IdPs) to pass authorization credentials to service providers. When a user logs in to a SAML-enabled application, the service provider requests authorization from the appropriate IdP. The identity provider authenticates the user's credentials and returns the authorization to the service provider. Once authorized, the user can use the application. In the case of certificate and SAML authentication, the certificate is validated before SAML authentication takes place.

When certificate and SAML authentication is selected, you can configure up to two certificates to authenticate each endpoint. For each certificate, configure the following attributes:

  • Subject — The subject field identifies the entity that owns or is associated with the public key embedded in the certificate. It often corresponds to the hostname or domain name the VPN server uses.

    The subject field is important because it ensures that VPN clients can verify the identity of the server they are connecting to by checking the certificate's subject against the expected hostname. The Common Name (CN) within the subject field is often used to identify the primary hostname of the server.
  • Issuer — The issuer field is the entity (trusted authority) that issues the digital certificates used for authentication and secure communication within a VPN. These certificates verify the identity of the VPN server and clients, ensuring secure access to the network.
  • Subject alternate name — The subject alternative name (SAN) field allows a single certificate to cover multiple hostnames or IP addresses, ensuring secure connections when a VPN client connects to a server under different names or addresses.

For each condition, select the Type (Subject, Issuer, or Subject alternate name) to check when validating the endpoint certificate. You can either enter a Value manually, or select SAML attribute name from the Type drop-down to compare against the value supplied by the SAML identity provider (IdP) that is integrated with Secure Access.
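The following is an added example, not Cisco's code and not the Secure Access implementation, showing how the three certificate conditions above (Subject, Issuer, Subject alternate name) are evaluated against a client certificate, with the expected value either entered directly or resolved from a SAML attribute. It uses the `cryptography` library and builds its own constructed, self-signed test certificate so it runs offline; the `SamlAttr` marker, the `check_conditions` function and the attribute names are assumptions for the demonstration. Matching the issuer name is a condition check only; verifying that the certificate actually chains to a trusted CA is a separate step that this example does not perform.

```python
import datetime
from dataclasses import dataclass

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID


@dataclass(frozen=True)
class SamlAttr:
    """Marker meaning 'take the expected value from this SAML attribute'
    instead of a manually entered Value (hypothetical, for the demo)."""
    name: str


def make_test_cert(subject_cn, issuer_cn, san_dns):
    """Constructed test certificate. A real client cert is signed by the
    CA; here the subject key signs it so the example needs no external CA."""
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, subject_cn),
                         x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example Corp")])
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, issuer_cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder()
               .subject_name(subject)
               .issuer_name(issuer)
               .public_key(key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(now - datetime.timedelta(minutes=1))
               .not_valid_after(now + datetime.timedelta(days=1)))
    if san_dns:
        builder = builder.add_extension(
            x509.SubjectAlternativeName([x509.DNSName(d) for d in san_dns]),
            critical=False)
    cert = builder.sign(key, hashes.SHA256())
    return cert.public_bytes(serialization.Encoding.PEM)


def cert_attributes(pem_bytes):
    """Extract the three fields the conditions can reference."""
    cert = x509.load_pem_x509_certificate(pem_bytes)
    try:
        san = cert.extensions.get_extension_for_oid(
            ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value
        san_names = san.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        san_names = []  # a certificate without a SAN simply cannot satisfy a SAN condition
    return {
        "subject": cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
        "issuer": cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
        "san": san_names,
    }


def check_conditions(pem_bytes, conditions, saml_attributes=None):
    """conditions: list of (type, expected) where type is 'subject',
    'issuer' or 'san' and expected is a string or a SamlAttr. Every
    condition must match. Returns (all_passed, per-condition results)."""
    saml_attributes = saml_attributes or {}
    attrs = cert_attributes(pem_bytes)
    results = {}
    for ctype, expected in conditions:
        if isinstance(expected, SamlAttr):
            # Value comes from the IdP; a missing attribute must fail closed.
            expected = saml_attributes.get(expected.name)
            if expected is None:
                results[ctype] = False
                continue
        if ctype in ("subject", "issuer"):
            results[ctype] = attrs[ctype] == expected
        elif ctype == "san":
            results[ctype] = expected in attrs["san"]
        else:
            raise ValueError(f"unknown condition type: {ctype}")
    return all(results.values()), results


if __name__ == "__main__":
    pem = make_test_cert("alice@example.com", "Example Corp Client CA",
                         ["alice.example.com"])
    print(check_conditions(pem, [("subject", "alice@example.com"),
                                 ("issuer", "Example Corp Client CA"),
                                 ("san", "alice.example.com")]))
    print(check_conditions(pem, [("subject", SamlAttr("cn"))],
                           saml_attributes={"cn": "alice@example.com"}))
```

The fail-closed handling of a missing SAML attribute matters in practice: if the IdP does not release the attribute for a user, the condition should deny rather than silently match an empty value.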