Currently, Universal ZTNA will authenticate user certificates using one of two specific formats. Use this task to select the client certificate attribute that Universal ZTNA should examine to detect the username (an email address).
- Go to .
- From the Certificate Attribute for Username field, select one of the three options:

  Note: Universal ZTNA expects the Username to be an email address or a User Principal Name (UPN). Other values will be rejected.
  - Subject Distinguished Name | Common Name - In the Subject field of the certificate, the CN or Common Name must contain the full email address of the client.
  - SAN | Email Address - The SAN or Subject Alternative Name must contain an email attribute, and that attribute must contain the full email address of the client.
  - SAN | User Principal Name - The UPN must be the user's complete email address.
- If the username cannot be determined by the Matching Criteria, define the action to be performed. In Universal ZTNA you can select Reject Authentication Request, or leverage the username value from the RADIUS Request by selecting Match with RADIUS Username.
- Select Update.
Once you have matched the client criteria, go to Connect with OCSP Responder.