Configure a certificate subject DN attribute for Microsoft CA

Identity as a Service supports a user DN if you want to publish certificates to Active Directory.

When using a Microsoft CA, the user’s DN value is the preferred way to populate certificate subject DN values. This DN value is used by default for Card Holder certificates.

You can use the following methods to set the certificate subject DN:

       AD sync—The DN is automatically populated. See Trigger on-demand synchronization. This is the recommended solution if you are using AD Sync. There is no additional configuration required and you can skip this section.

       Local user—Add a custom user attribute called DN, and update the user profile with the correct DN value. See Create and manage user attributes and Edit users.

       Modify the card holder Digital ID to use first name and last name as the certificate subject DN, as described in the procedure below.

Modify the PIV Cardholder or PIV Cardholder 1kp Digital ID

1.      Click > Resources > Certificate Authorities. The Certificate Authorities page appears.

2.      On the Certificate Authorities page, click the Name of the CA. The Edit Certificate Authorities page appears.

3.      Click the PIV Cardholder or PIV Cardholder 1kp listed in the Digital ID Configuration. The Edit Microsoft Digital ID Configuration page appears.

4.      Change the DN Format to cn= <firstname> <lastname>

5.      Select Include Searchbase in DN.

6.      Click Save.
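
The following sketch is an added example, not part of the product or its documentation. It predicts the subject DN that the `cn= <firstname> <lastname>` format with Include Searchbase in DN would yield and compares it with a user's directory DN. It assumes the searchbase is appended after the cn RDN; the function names and sample values are constructed for illustration.

```python
# Added example: predict the subject DN produced by the DN Format above and
# compare it with the user's directory DN. Assumes the searchbase is appended
# after the cn RDN; all names and sample values here are constructed.

RFC4514_SPECIAL = set('"+,;<>\\')  # must be backslash-escaped inside a value

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use in a DN string (RFC 4514, 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in RFC4514_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_subject_dn(first: str, last: str, searchbase: str) -> str:
    """cn=<firstname> <lastname> followed by the searchbase (assumed order)."""
    return "cn=" + escape_rdn_value(first + " " + last) + "," + searchbase

def split_rdns(dn: str) -> list:
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
            continue
        cur.append(ch)
    parts.append("".join(cur))
    return parts

def normalize(dn: str) -> list:
    """Lower-case attribute types and values; trim space around separators."""
    return [(a.strip().lower(), v.strip().lower())
            for a, _, v in (rdn.partition("=") for rdn in split_rdns(dn))]

def dn_matches(candidate: str, directory_dn: str) -> bool:
    return normalize(candidate) == normalize(directory_dn)

if __name__ == "__main__":
    dn = build_subject_dn("Alice", "Smith, Jr.", "OU=Staff,DC=example,DC=com")
    for ad_dn in (r"CN=Alice Smith\, Jr.,OU=Staff,DC=example,DC=com",
                  r"CN=Smith\, Alice,OU=Staff,DC=example,DC=com"):
        print(dn_matches(dn, ad_dn), ad_dn)
```

A `False` result means the first name and last name format will not reproduce that user's directory DN, which is the case the custom DN attribute method addresses.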