Help ELMA BPM Platform

Sign In with Certificate

Required conditions

Binding a certificate to a user profile

Sign-in with a certificate in Mozilla Firefox

Sign-in with a certificate in Internet Explorer

Errors that appear when signing in with a certificate

Unbinding a certificate from a user

Signing in with a certificate rises the security level of information security of the system.

If the certificate is bound to a user profile, it is only possible to sign from the computer to which the profile is tied.

It is possible to sign in ELMA with a certificate only through Mozilla Firefox and Internet Explorer.

Binding a certificate to a user account

To log in with certificate, you first need to bind it to your user account. For that, first log in with a login and password, then open your profile and in the User Management section click on Bind certificate (fig. 1).

Fig. 1. User Profile. "Link certificate"

Attention!

If a Certification Center is specified in Security Settings, only certificates approved by this certification center can be bound to a user account.

Working with certificates in Mozilla Firefox and Internet Explorer differs, so there are specific instructions for each browser.

Mozilla Firefox

When you click Bind certificate, a confirmation window will open (fig. 2). In the drop-down list, select the required certificate and click OK.

The drop-down list contains all the certificates stored in the computer from which you are trying to log in at the moment.

Fig. 2. Confirmation window

If the certificate is bound successfully, you will see a respective notification (fig. 3).

Fig. 3. Notification about successful certificate registration

Internet Explorer

To manage certificates in Internet Explorer you will need to use the CAPICOM component. In case you do not have it installed, when you click on Bind certificate, your browser will notify you and install it automatically.

After you click on Bind certificate, a window opens, listing all the certificate stored in the computer from which you are trying to log in. Select the required certificate and click Bind (fig. 4).

Fig. 4. Certificate selection window

If the certificate is bound successfully, you will see a respective notification (fig. 5).

Fig. 5. Notification about successful certificate registration

After having been bound to a user account, the certificate is added to the list of trusted devices.

Logging in with certificate in Mozilla Firefox

To access ELMA with a certificate, type in the address and name of ELMA server and connection port in your browser's address bar. In the authentication window, click

in the bottom right corner (fig. 6). You will see a window for signing in with token or certificate. Click Sign in by certificate (fig. 7).

Fig. 6. Authentication window

Fig. 7. Sign in with certificate or token

Certificate confirmation window will open (fig. 8).

Fig. 8. Confirmation window

Select the required certificate and click OK.

The drop-down list contains all the certificates stored in the computer from which you are trying to log in. You will log into the system if you select the correct certificate.

Signing in with certificate in Internet Explorer

To sign in by certificate, type in the address and name of ELMA server and connection port in your browser's address bar. In the authentication window, click

(fig. 6) in the bottom right corner. You will see a window for signing in with token or certificate. Click Sign in by certificate (fig. 7).

If you set the Allow signing in with a certificate only parameter to Yes in Administration – System – Security Settings – General Settings and a default certificate is selected in the user profile, the user will see a dialog box (fig. 9), where the user needs to enter a login and click Sign in.

Fig. 9. Selecting a certificate to sign in to the system

If you set the Allow signing in with a certificate only parameter to No in Administration – System – Security Settings – General Settings, the user will see a dialog box (fig. 10), where the user needs to select the encryption provider selected in user profile and click Sign in.

Рис. 10. Окно авторизации в системе. Выбор криптопровайдера

Then, in the drop-down list select a certificate (fig. 9) and click Sign in.

Fig. 11. Certificate selection window

Possible errors when signing in by certificate

When you are signing in by a certificate, an error might appear in one of the following cases:

the certificate management conditions are not satisfied;
the certificate is not linked to the user;
you have selected a wrong certificate when signing in;
the certificate is not approved by the Certification Center;
the certificate is not installed in your browser.

Error message example: This certificate is not bound to a user (fig. 12).

Fig. 12. Error message

Unbinding a certificate from a user account

If you do not need to use the certificate any longer, you can unbind it.

For that, open the user profile and click edit on the right-hand side of the Trusted Devices section (fig. 13).

Fig. 13. User Profile. Edit option

You will see a list of all the user's trusted devices (fig. 14). Click on the

icon next to the certificate that you wish to unlink.

Fig. 14. Page featuring user's trusted devices

A new dialogue box will open for you to confirm that you wish to delete the device from the list (fig 15). Click Yes to unbind the certificate.

Fig. 15. Confirmation dialogue box