Certificate is a document, issued by a certification authority and intended for identifying (validating) the user, who is signing in to the ELMA system. This feature provides increased security of the system.
Binding a certificate to a user account does not provide a proper level of security. To allow signing in to the system only with a certificate (without login and password authentication), you have to add the required certificate to the trusted devices and allow signing in to the system only from trusted devices.
Settings on ELMA Server
To make signing in to ELMA with a certificate possible, configure the following parameters on the server:
configure certification authority;
obtain root certificates;
import the obtained certificates (external / internal) to the browser;
in Web Application, go to Administration – System – System Settings, Security Settings unit, and select Yes in the Allow to sign in by certificate field.
Settings on a user PC
To make signing in to ELMA with a certificate possible, configure the following parameters on the user PC:
install the CAPICOM plugin to the browser (if you use Internet Explorer). If you do not have this plugin, download it from the official Microsoft website;
obtain user certificates;
import the obtained certificates (external / internal) to the browser.
Correct operation of certificates is available only when using Mozilla Firefox and/or Internet Explorer.
After you have completed all the described settings, signing in to ELMA with a certificate will be available. If the certificate is set in a particular browser on a user PC, signing in with this certificate will be available only from this browser for the current user.
The certification authority validates the selected certificate with the root certificate, and if it is valid, the user gets signed in to the ELMA system.