Modify user certificate settings

Configure a policy to allow User Certificate authentication. Before you begin, ensure that you review the limitations and steps required to set up user certificate authentication. See Manage user certificate authenticators.

Modify User Certificate authenticator settings

1. Click > Policies > Authenticators. The Authenticators page appears.

2. Select User Certificate Authenticator. The User Certificate Authenticator page appears.

3. Add User Matching Rules, as follows:

a. Click Add. The Add Matching Rule dialog box appears.

b. From the Certificate Component drop-down list, select the components of the user certificate that are used to match the user. You must select at least one and then add the user attribute that matches the component.

c. From the User Attributes drop-down list, select the user attribute that matches the Certificate Component.

Supported system user attributes include user ID (including user aliases), User Principal Name, and security ID. Custom user attributes are also supported.

d. Repeat these steps to add more User Matching Rules.

Note: You must add at least one user matching rule and ensure that your users have the required values mapped in their User Profile. See Edit, delete, unlock, and disable users.

4. Enter the Mandatory Policy OIDs. Enter each OID on a new line.

5. Enter the Prohibited Policy OIDs. Enter each OID on a new line.

Note: The Policy OIDs ensure that only certificates with the appropriate policies can be used.

6. Click Save. The User Matching Rule is added to the User Certificate Authenticator.

7. Optionally, click to display the Reorder Matching Rules dialog box.

8. Click and drag to reorder the user matching rules.

9. Optionally, click to delete a user matching rule.
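
A pre-deployment check for the settings in steps 3 to 8, as an added example that is not part of the product or its documentation: it models how user matching rules and the two policy OID lists could be evaluated against a certificate, and shows why rule order matters. The component names (san_upn, subject_cn), the attribute key upn, the rule that every mandatory OID must be present, first-matching-rule-wins ordering, and rejecting ambiguous matches are assumptions; confirm the actual behaviour in your tenant.

```python
import re

OID_RE = re.compile(r"^[0-2](\.(0|[1-9]\d*))+$")  # dotted-decimal OID syntax

def parse_oids(text):
    """Parse a one-OID-per-line field, rejecting malformed entries."""
    oids = [line.strip() for line in text.splitlines() if line.strip()]
    bad = [o for o in oids if not OID_RE.match(o)]
    if bad:
        raise ValueError(f"malformed OID(s): {bad}")
    return set(oids)

def evaluate(cert, rules, mandatory, prohibited, users):
    """Return (user_id, reason); user_id is None when the certificate is rejected."""
    if mandatory & prohibited:
        raise ValueError("OID listed as both mandatory and prohibited")
    policies = set(cert["policy_oids"])
    if policies & prohibited:
        return None, "prohibited policy OID present"
    if not mandatory <= policies:  # assumption: every mandatory OID is required
        return None, "mandatory policy OID missing"
    for component, attribute in rules:  # assumption: rules tried in listed order
        value = cert.get(component)
        if not value:
            continue
        hits = [u["user_id"] for u in users if u.get(attribute) == value]
        if len(hits) == 1:
            return hits[0], f"matched {component} -> {attribute}"
        if len(hits) > 1:  # two profiles share the value: fail closed
            return None, f"ambiguous match on {attribute}"
    return None, "no matching rule"

# Constructed sample data (2.999 is the example OID arc; names are hypothetical).
USERS = [
    {"user_id": "alice", "upn": "alice@example.test"},
    {"user_id": "bob", "upn": "bob@example.test"},
]
RULES = [("san_upn", "upn"), ("subject_cn", "user_id")]
MANDATORY = parse_oids("2.999.1.1\n2.999.1.2\n")
PROHIBITED = parse_oids("2.999.9.9\n")
CERT = {"subject_cn": "bob", "san_upn": "alice@example.test",
        "policy_oids": ["2.999.1.1", "2.999.1.2"]}

if __name__ == "__main__":
    print(evaluate(CERT, RULES, MANDATORY, PROHIBITED, USERS))
    print(evaluate(CERT, RULES[::-1], MANDATORY, PROHIBITED, USERS))
```

With the sample certificate, the same rule set resolves to a different user when the rules are reordered, which is the case to test before relying on a weaker component such as the subject common name.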