Multiple Login Options

CERTInext provides multiple secure authentication methods to support diverse enterprise environments, user preferences, and security policies. Users can log in using password-based authentication, OTP verification, digital certificates, enterprise identity providers (Active Directory, SAML, OIDC), and social/enterprise SSO providers such as Microsoft and Google.

This flexibility enables organizations to align authentication with Zero Trust principles, identity governance, and enterprise security standards.

Available Login Methods

CERTInext supports the following login options:

1. Password-Based Login

  • Users authenticate using registered email ID and password

  • Supports password policies and reset mechanisms

Best suited for: General users and standalone environments

2. OTP-Based Login

  • Users enter their registered email ID

  • A One-Time Password (OTP) is sent to that email ID

  • OTP is used for authentication

Best suited for: Passwordless and secure access scenarios

3. Digital Certificate Login

  • Authentication uses client certificates installed on the user's device

  • The certificate must be pre-mapped to the user account

Path: My Profile → Add Certificate

Best suited for: High-security and regulated environments

4. Active Directory (AD) Login

Best suited for: On-prem enterprise identity environments

5. Single Sign-On (SSO – SAML / OpenID Connect)

CERTInext supports enterprise SSO using:

  • SAML 2.0

  • OpenID Connect (OIDC)

Common providers:

  • Azure AD

  • Okta

  • Custom enterprise IdPs

Best suited for: Federated identity and enterprise authentication

6. Microsoft SSO Login

  • Users can authenticate directly using their Microsoft account (Azure AD / Entra ID)

  • Available as a one-click login option on the login screen

How it works:

  • Redirects user to Microsoft identity platform

  • Authenticates via corporate or personal Microsoft account

  • Returns authenticated identity to CERTInext

Best suited for: Organizations using Microsoft 365 / Azure AD

7. Google SSO Login

  • Users can log in using their Google account (Google Workspace or personal Gmail)

  • Available directly on the login screen

How it works:

  • Redirects to Google authentication

  • User signs in and grants access

  • CERTInext maps authenticated identity

Best suited for: Organizations using Google Workspace or cloud-first environments

How to Enable Login Methods

Navigate to:

Settings → Account Configuration → Authentication Settings

Step 1: Enable Authentication Controls

  • Enable Single Sign-On (SSO)

  • Enable 2FA (optional but recommended)

Microsoft SSO Configuration

Microsoft login is typically enabled via OpenID Connect (OIDC).

Steps:

  1. Navigate to: Settings → Account Configuration → OpenID Connect

  2. Register an application in Azure Portal (Entra ID)

  3. Configure:

    • Client ID

    • Client Secret

    • Redirect URL (from CERTInext)

  4. Provide OIDC details in CERTInext:

    • Discovery URL: https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration

    • Scopes: openid email profile

  5. Save configuration

Once configured, the Microsoft login button is activated on the login screen.

Google SSO Configuration

Google login is also enabled using OpenID Connect (OIDC).

Steps:

  1. Navigate to: Settings → Account Configuration → OpenID Connect

  2. Create OAuth credentials in Google Cloud Console

  3. Configure:

    • Client ID

    • Client Secret

    • Authorized Redirect URI

  4. Use Google endpoints:

    • Authorization URL: https://accounts.google.com/o/oauth2/v2/auth

    • Token URL: https://oauth2.googleapis.com/token

    • User Info URL: https://openidconnect.googleapis.com/v1/userinfo

  5. Set scopes:

    • openid email profile

  6. Save configuration

Once configured, the Google login button is enabled on the login screen.

Active Directory (AD) Setup

Enable AD Login

  • Select Active Directory in Authentication Settings

  • Configure default role

Configure LDAP Connectors

Navigate to:

Integrations → LDAP Connectors

Provide:

  • Host, Port

  • Base DN

  • Bind credentials

  • Search filter

Test and save connection

Attribute Mapping

Map:

  • Email → mail

  • Username → userPrincipalName

Role Mapping

Map AD groups to CERTInext roles

User Sync

  • Enable periodic sync

  • Configure activation/deactivation behavior

SAML 2.0 Setup

  1. Copy SP details from CERTInext

  2. Configure in IdP

  3. Upload metadata

  4. Save

OpenID Connect Setup

Provide:

  • Client ID / Secret

  • Discovery URL

  • Token & UserInfo endpoints

  • Scopes

Enable PKCE if required
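
A pre-flight check for the values entered under Microsoft SSO Configuration and OpenID Connect Setup, added here as an example (not CERTInext code): it validates an IdP discovery document against its Discovery URL, the openid email profile scopes, and PKCE support. The function name, the sample documents and the "example-tenant" placeholder are assumptions.

```python
from urllib.parse import urlsplit
WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED_SCOPES = {"openid", "email", "profile"}  # scopes this page configures
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")

def check_discovery(discovery_url, doc, require_pkce=False):
    """Return a list of findings; an empty list means nothing was flagged."""
    if not discovery_url.endswith(WELL_KNOWN):
        return ["discovery URL does not end with " + WELL_KNOWN]
    findings = []
    # OIDC Discovery: issuer must equal the discovery URL minus the
    # well-known suffix, compared as an exact string.
    expected = discovery_url[:-len(WELL_KNOWN)]
    if doc.get("issuer") != expected:
        findings.append(f"issuer {doc.get('issuer')!r} != {expected!r}")
    # Endpoints must be absolute HTTPS URLs.
    for key in ENDPOINTS:
        parts = urlsplit(doc.get(key, ""))
        if parts.scheme != "https" or not parts.hostname:
            findings.append(f"{key} missing or not HTTPS")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        findings.append("scopes not advertised: " + ", ".join(sorted(missing)))
    if "code" not in doc.get("response_types_supported", []):
        findings.append("authorization code flow not advertised")
    # RFC 8414 metadata field; only checked when PKCE will be enabled.
    if require_pkce and "S256" not in doc.get("code_challenge_methods_supported", []):
        findings.append("PKCE S256 not advertised")
    return findings

# Constructed sample documents; "example-tenant" is a placeholder.
BASE = "https://login.microsoftonline.com/example-tenant"
GOOD = {
    "issuer": BASE + "/v2.0",
    "authorization_endpoint": BASE + "/oauth2/v2.0/authorize",
    "token_endpoint": BASE + "/oauth2/v2.0/token",
    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
    "jwks_uri": BASE + "/discovery/v2.0/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "response_types_supported": ["code", "id_token"],
    "code_challenge_methods_supported": ["S256"],
}
BAD = dict(GOOD, issuer="https://login.microsoftonline.com/other-tenant/v2.0",
           token_endpoint="http://idp.example.test/token",
           scopes_supported=["openid"])

if __name__ == "__main__":
    print(check_discovery(BASE + "/v2.0" + WELL_KNOWN, BAD, require_pkce=True))
```

Fetch the live document from the Discovery URL and pass the parsed JSON as doc; resolve any finding before saving the configuration.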

Login Experience

  • Users see multiple login options on the login page:

    • Password

    • OTP

    • Digital Certificate

    • Active Directory

    • Microsoft

    • Google

    • SSO

  • Available options depend on configuration

Security Best Practices

  • Prefer SSO (Microsoft/Google/IdP) with MFA

  • Use certificate-based login for critical roles

  • Restrict password login where possible

  • Enable user sync for AD environments

  • Regularly review access and role mappings

CERTInext supports a comprehensive set of authentication methods including enterprise SSO, Active Directory, Microsoft, and Google login. This ensures seamless user access while maintaining strong identity security, compliance, and centralized control.
