The PKI Authentication Module allows authentication of BelManage users with PKI (Public Key Infrastructure) certificates presented by their web browsers, or CAC authentication. PKI certificate authentication is handled by both BelManage and the IIS web server working together. The web server accepts, authenticates, and associates the certificate with a web session. BelManage associates the certificate attributes with an account and assigns the security rights of that account to the web session.
Deployment and Use
Once installed, the system can be configured to authenticate in any of these three ways:
After running the installer, BelManage is configured to collect and store certificates (#2 above). Users can logon to BelManage with user name and password, and any certificate presented by their browser is associated with that account. The Users Administration page can then be used to view or edit the certificate associated with each user account.
Once the system has had adequate time to collect most or all of the users' certificates, the configuration is changed to authenticate users with the certificate (#3 above). Users are no longer permitted to authenticate with a user name and password, and the system automatically logs users on when a certificate is presented. Entry of certificates is now done through the Users Administration web page, and automatic collection of certificates is disabled.
The certificate for a user may be obtained through an enterprise directory or a certificate file with the public key.
Term
PKI Authentication Module includes a perpetual license.
Product Requirements
BelManage system.