Configure Your Two-Factor Authentication Rules

The two-factor authentication option that you select to set up your DigiCert account determines what you need to do to configure your two-factor authentication requirements (rules).

If you have a Direct account, see Direct Cert Portal: Two-Factor Authentication for instructions on how to configure two-factor authentication for your Direct Cert Portal.

If Using the “Do not force” Option

If you selected the Do not force option, you need to complete the following steps to implement two-factor authentication for your DigiCert account:

1. Turn On Two-Factor Authentication

You need to log into your DigiCert account and turn two-factor authentication on before you can configure your two-factor authentication requirements for you and your users.

How to Turn On Two-Factor Authentication

2. Configure Your Two-Factor Authentication Requirements

You need to configure your two-factor authentication requirements for your account users, members of specific roles, and/or specific individual users.

How to Configure Your Two-Factor Authentication Requirements

If you are familiar with the process and just need to see specific steps:

How to Configure an Account-wide Requirement
How to Configure a Requirement for the Members of a Role
How to Configure a Requirement for a Specific Individual User
How to Allow OTP App Authenticators to Verify a Computer for 30 Days

3. (Optional) Turn Off Two-Factor Authentication

If needed, you can turn off two-factor authentication and revert to using one-factor authentication (DigiCert account credentials only) to log into the DigiCert® Management Console. Note that turning off two-factor authentication does not delete your rules or any of the Client Certificates and/or OTP App Devices configured for your account.

How to Turn Off Two-Factor Authentication

If Using the “Client Certificate” Option

If you selected the Client Certificate option, two-factor authentication was turned on and an account-wide Client Certificate requirement was automatically configured for you.

There is nothing that you need to do to implement two-factor authentication for your DigiCert account other than log into your DigiCert account and generate your Client Certificate. See Generating Your Client Certificate.

However, you can configure one-time password requirements for members of a role or for specific users.

How to Configure a Requirement for the Members of a Role
How to Configure a Requirement for a Specific Individual User
How to Allow OTP App Authenticators to Verify a Computer for 30 Days

If Using the “One-Time Password (OTP)” Option

If you selected the One-Time Password (OTP) option, two-factor authentication was turned on and an account-wide one-time password requirement was automatically configured for you.

There is nothing that you need to do to implement two-factor authentication for your DigiCert account other than log into your DigiCert account and initialize your OTP App Device. See Initializing Your OTP App Device.

However, you can configure OTP to allow your OTP authenticators to verify their computers for 30 days. You can also configure Client Certificate requirements for members of a role or for specific users.

How to Allow OTP App Authenticators to Verify a Computer for 30 Days
How to Configure a Requirement for the Members of a Role
How to Configure a Requirement for a Specific Individual User

Configuration Instructions