Skip to main content
If customers are using TOTAL Protect for frontline access (Shared Workstation) or TOTAL Protect Authenticator for Windows with a smart card, they must enable Certificate based authentication on Entra ID. By enabling this authentication method in Entra ID, organizations can ensure users experience smooth logon processes across both Microsoft Windows and macOS platforms, even without traditional federated identity solutions.
  • Organizations need to have at least one certification authority (CA) in place, which could be part of an on-premises Public Key Infrastructure (PKI) or a cloud-based PKI solution like TruU Cloud PKI
  • Users should possess a client authentication certificate from a trusted PKI that has been configured on the tenant
  • Only users with Global admin or Privileged Authentication Administrator roles have the necessary permissions to configure the CA
  • CA requires an internet-facing URL that is accessible and has a published Certificate Revocation List (CRL)
Configure Entra ID Certificate Based Authenticaiton CBA with Entra ID and Cloud Trust