Example Device Restrictions Configuration Sequence Using External CAs
This section describes an example of the sequence to configure device restrictions using AD CS or an external service CA.
The external CA issues device certificates. The IIJ ID Service verifies these device certificates using the CA certificate chain.
Using an external CA enables the use of device certificates already installed in user devices for IIJ ID Service authentication.
| 1. Configure Device Certificate Authentication (ID Administrator) | |
|---|---|
| 1.1 Retrieve CA Certificate Chain and CRL from External CA | |
| 1.2 Configuring External CAs | |
| 1.3 Configuring Certificate Revocation Settings (When Required) | |
| 1.4 Configuring Certificate Filtering Settings (When Required) | |
| 1.4 Enabling Multi-factor Authentication as the User Login Rule | |