# Global Settings

The **Global Settings** page allows administrators to configure account-wide behaviors that apply across all users, certificates, and workflows in CERTInext. You will be on the "Account Configuration" menu. These settings help enforce security controls, standardize communication, and ensure consistent notification and alerting across the organization. Proper configuration of global settings is essential for secure operations and predictable certificate lifecycle management.

This page is typically accessed by account administrators and governs authentication, language preferences, notifications, and operational contact details.&#x20;

## Authentication Settings

Global authentication settings define how users access CERTInext and help enforce organizational security policies.

<figure><img src="/files/0vNj5eYcZ6Adfp6mLZrR" alt=""><figcaption></figcaption></figure>

### Enforce Two-Factor Authentication (2FA)

Enables mandatory two-factor authentication for all users using T-OTP based authentication. This adds an additional security layer beyond passwords and helps protect administrative and operational access.

### Enable Single Sign-On (SSO)

Allows users to authenticate using the organization’s identity provider. SSO simplifies user access management, supports centralized identity governance, and aligns CERTInext access with enterprise IAM policies.

The updated CERTInext UI supports multiple SSO and federated authentication methods, including:

* **SAML 2.0**
* **OpenID Connect (OIDC)**
* **Active Directory (AD/LDAP)**
* **Microsoft Login**
* **Google Login**

These authentication methods can be configured centrally under the **Authentication Settings** section.

#### SAML 2.0 Authentication

The **SAML 2.0** configuration allows CERTInext to integrate with enterprise Identity Providers (IdPs) such as:

* Okta
* Azure AD
* Ping Identity
* OneLogin
* Google Workspace
* ADFS

Administrators can configure:

* ACS URL
* Entity ID / Audience
* Name ID Format
* IdP Metadata XML
* SSO Login URL
* Signing Certificates

This enables federated login using enterprise credentials while supporting centralized identity governance and MFA enforcement.

#### OpenID Connect (OIDC)

The **OpenID Connect** configuration supports modern OAuth-based identity providers and cloud authentication platforms.

Supported providers include:

* Azure AD / Microsoft Entra ID
* Google Workspace
* Auth0
* Okta
* Custom OIDC providers

Administrators can configure:

* Client ID
* Client Secret
* Discovery URL
* Authorization URL
* Token URL
* UserInfo URL
* PKCE settings
* Scopes (openid, email, profile)

OIDC enables secure token-based authentication and simplified integration with cloud-native identity platforms.

#### Active Directory (AD) Authentication

The **Active Directory** authentication option allows users to log in using enterprise AD credentials.

CERTInext supports:

* LDAP / LDAPS integration
* Multiple AD connectors
* Cross-domain and cross-forest authentication
* User synchronization
* Group-to-role mapping

Administrators can configure:

* LDAP Connectors
* Search Filters
* Email Domain Mapping
* Default User Roles
* User Sync Intervals
* Automatic User Activation / Deactivation

This integration aligns CERTInext authentication with enterprise Windows identity infrastructure.

#### Microsoft Login

CERTInext supports direct authentication using Microsoft accounts through integrated SSO workflows.

Users can authenticate using:

* Microsoft 365 accounts
* Azure AD / Entra ID accounts
* Corporate Microsoft credentials

This option simplifies user onboarding and enables seamless enterprise login experiences for Microsoft-based environments.

#### Google Login

CERTInext also supports authentication using Google accounts.

Users can log in using:

* Google Workspace accounts
* Corporate Gmail identities
* Standard Google accounts (where permitted)

This option is particularly useful for organizations using cloud-first collaboration and identity environments.

These authentication settings help ensure that access to certificate and trust operations is protected, centralized, and auditable across enterprise environments.

### Language Preferences

Language settings control the default language used across the platform and in system communications.

* **Default Language**\
  Sets the primary language for the CERTInext user interface.
* **Email Notification Language**\
  Defines the language used for all system-generated email notifications, including certificate and order-related communications.

Configuring language preferences ensures consistency in user experience and external communications, especially in global or multi-region deployments.

### Notifications and Alerts

Notification settings control how CERTInext communicates important lifecycle events, operational alerts, and account-level information.

**Support Contact Information**

Administrators can configure:

* **Support Email**
* **Support Contact Number**
* **Support Display Name**

These details are included in customer-facing notifications to provide clear points of contact for certificate-related queries or issues.

### Certificate Renewal Notifications

CERTInext allows fine-grained control over certificate renewal messaging to help prevent expirations and service disruption.

* **Account-wide Certificate Renewal Message**\
  A customizable message included in renewal notifications.
* **Send Certificate Renewal Notification Emails**\
  Enables automated renewal reminders to configured recipients.
* **Renewal Notification Schedule**\
  Notifications can be sent at multiple intervals before expiry (for example, 90, 60, 30, 15, 10, 5, 3, and 1 day) and after expiry.\
  This ensures stakeholders receive timely reminders aligned with operational processes.

#### Order and Provisioning Notifications

Global settings also control who receives certificate order and provisioning-related emails, including:

* Order confirmation
* CSR-related notifications
* Certificate download notifications

Additional options include:

* **Copy Technical Point of Contact (TPOC)** on order emails
* **Exclude Organization Representatives** from receiving certain order notifications
* **Configure account-level email addresses for provisioning alerts**

These controls help route notifications to the right operational teams while reducing unnecessary noise.

#### Domain Validation and Provisioning Options

* **Generate Interim DV**\
  Enables interim Domain Validation handling as part of the certificate issuance process, supporting faster provisioning workflows where applicable.

This setting helps align certificate issuance behavior with organizational validation practices.

#### Account Balance Alerts

For accounts using prepaid or balance-based models, CERTInext provides:

* **Low Account Balance Alerts**\
  Automated notifications when account balance drops below configured thresholds.

This ensures uninterrupted certificate issuance and avoids operational delays due to insufficient balance.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.certinext.io/documentation/getting-started/global-settings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.