Allow users to generate and authenticate with certificates.
You are assigned the Manage Tenant Configuration role. For more information about how to assign administrator roles, see Edit Administrator Authorizations.
When you enable certificate generation and authentication for users, they can log on to applications with the generated certificate without providing a username and password.
The tenant administrator can configure the system to allow the following types of users to generate their own certificates via the profile page and to authenticate with them:
- Public
- Customer
- Partner
- Employee
Certificate generation and authentication are disabled by default for all user types. When you allow it for a user type, a user of this type should go to the profile page and generate a certificate for authentication. Once the certificate is generated, it's downloaded to the user's system. After the user imports it into the certificate store or browser, the newly generated certificate is ready for authentication. When the user navigates to the logon page of the application, he or she is automatically authenticated with the certificate. If the authentication fails, the user is prompted to provide a username and password.
If you have already configured an X.509 client certificate for user authentication, users won't be able to authenticate with their own certificates generated via the profile page, and vice versa.
To allow certificate generation and authentication, proceed as follows:
- Sign in to the administration console for SAP Cloud Identity Services.
- Under Applications and Resources, choose the Tenant Settings tile.
  At the top of the page, you can view the administrative and license relevant information of the tenant.
- Choose the Certificate Authentication list item.
- Use the slider next to a user type to enable certificate authentication.
  If the operation is successful, you receive a confirmation message.
Enable the Credential change security alert email to inform the user when a certificate is generated or removed. For more information, see Send Security Alert Emails.