Example Device Restrictions Configuration Sequence Using External CAs
This section describes an example of the sequence to configure device restrictions using AD CS or an external service CA.
The external CA issues client certificates. The IIJ ID Service verifies these client certificates using the CA certificate chain.
Using an external CA enables the use of client certificates already installed in user devices for IIJ ID Service authentication.
| 1. Configure Device Certificate Authentication (ID Administrator) | |
|---|---|
| 1.1 Retrieve CA Certificate Chain and CRL from External CA | |
| 1.2 Configuring External CAs | |
| 1.3 Configuring Certificate Revocation Settings (When Required) | |
| 1.4 Configuring Certificate Filtering Settings (When Required) | |
| 1.4 Enabling Multi-factor Authentication as the User Login Rule | |