PKI Certificates and Device Trust
Article: KB0010664 Published: 11/07/2023 Last modified: 11/09/2023

A PKI certificate is a file issued by OneLogin and installed in a user's browser. Whenever that user signs into OneLogin with their username and password, OneLogin validates that the PKI certificate installed in their browser matches the one registered to them in OneLogin.

Prerequisites

Users must have an email address registered to their account to use OneLogin PKI-based certificates.

Requiring Certificates

Certificate requirements can be configured in any user policy and assigned to users accordingly. You can choose between installing certificates in a user's browser manually or allowing users to install them the next time they sign into OneLogin.

Warning: All users with device trust required, including admins, can only access OneLogin if a PKI certificate is installed on their device. If an administrator account becomes locked out, please contact OneLogin Support for assistance.

User Policy - Device Trust

 


 

Creating and Downloading Certificates

If you choose not to allow self-installations, you need to manually create and install certificates for your users.

  1. Go to the user record for the relevant user and select Download PKI Cert from the More Actions menu.

    • If this is the first time you're downloading this certificate, create a new password, enter it, and click Download. Make sure to keep this password in your records, as it will be required to re-download the certificate.

    • If you are re-downloading this certificate to replace a lost or expired certificate, enter the password you previously created.

      Note: When you generate a new certificate, any previous certificates are no longer valid. They are not revoked from existing installations, but cannot be used in new installations.

    Certificate Password
  2. Install the certificate on the user's device, or distribute the certificate to them with a safe distribution method and instruct them to install it on their device. Windows and Mac OS X operating systems handle certificate installation themselves. For Linux, you must use browser-specific certificate installation processes.

    Important: Ensure that you or the user deletes the certificate file from their hard drive after the certificate is installed. Certificates should be handled with care, just like a physical authentication token such as a USB key.

Browser Compatibility

OneLogin's certificates are supported in Chrome, Firefox, and Safari. Windows and Mac OS have certificate management built into the OS, while browsers on Linux must handle certificate management themselves.

Note: On Apple iOS devices, apps using Safari View Controller can download OneLogin Protect PKI certificates, but apps using their own web view cannot.

 

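|           | Chrome              | Firefox             | Safari   |
|-----------|---------------------|---------------------|----------|
| Linux     | Built-in            | Built-in            |          |
| Windows   | Certificate Manager | Certificate Manager |          |
| Mac OS X  | Keychain            | Keychain            | Keychain |
| Apple iOS |                     |                     | Keychain |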

