Authorizing identity access for API Keys
Set Authentication Methods
- (Optional) Configure IIS Manager to accept certificate authentication for Remote Web SDK clients. Recommended for POST Authorize/Certificate.
- From the Platform menu click API > Default Settings.
- Enabled: Default. Allow multi-factor authentication for devices. A successful response, includes a web link to complete the authentication.
-
Disabled: Block browser-based authentication.
-
(Optional) Complete the Certificate Authentication section:
Certificate Authentication Settings Field
Parameter
X.509 Identity Field The field for Trust Protection Platform Authentication Server to use as the user identity:
- SubjectAltName: UPN: The identity that also has access to the
Web SDK.
- SubjectAltEmail: The email address (es).
- CN: The certificate name (CN). For local identities, always specify CN.
Trusted Certificate Authorities The CA(s) that are approved to issue client certificates for authentication. Select a Trusted Certificate Authority certificate from the Roots tree. - SubjectAltName: UPN: The identity that also has access to the
Web SDK.
- Click Save.
- Either wait 10 minutes or remote into the server and from the command line, type iisreset.
|
Authentication |
Trust Protection Platform Authentication Server setting |
|---|---|
| Username & Password | The client passes a user name and password to the VEDAuth server. Recommended for POST Authorize/Oauth. |
| Integrated MS Windows Authentication | Default. The client passes Windows credentials to the VEDAuth server. |
|
Browser-based authentication |
Default. Required for POST Authorize/Device. Recommended for multi-factor SAML authentication: |
|
JSON web token |
A token in JSON format that is used to communicate between a trusted identity provider and Venafi Platform. |
|
Certificate |
The caller passes a client certificate to the VEDAuth server. |