# Multiple Login Options

CERTInext provides multiple secure authentication methods to support diverse enterprise environments, user preferences, and security policies. Users can log in using password-based authentication, OTP verification, digital certificates, enterprise identity providers (Active Directory, SAML, OIDC), and social/enterprise SSO providers such as Microsoft and Google.

This flexibility enables organizations to align authentication with Zero Trust principles, identity governance, and enterprise security standards.

### **Available Login Methods**

CERTInext supports the following login options:

#### **1. Password-Based Login**

* Users authenticate with their registered email ID and password
* Supports password policies and reset mechanisms

**Best suited for:**\
General users and standalone environments

#### **2. OTP-Based Login**

* Users enter their registered email ID
* A One-Time Password (OTP) is sent to that email address
* The user enters the OTP to authenticate

**Best suited for:**\
Passwordless and secure access scenarios

#### **3. Digital Certificate Login**

* Authentication uses a client certificate installed on the device
* The certificate must be pre-mapped to the user account

**Path:**\
**My Profile → Add Certificate**

**Best suited for:**\
High-security and regulated environments

#### **4. Active Directory (AD) Login**

* Login using enterprise AD credentials
* Supports:
  * UPN (`user@domain.com`)
  * `DOMAIN\username`

**Best suited for:**\
On-prem enterprise identity environments

#### **5. Single Sign-On (SSO – SAML / OpenID Connect)**

CERTInext supports enterprise SSO using:

* **SAML 2.0**
* **OpenID Connect (OIDC)**

Common providers:

* Azure AD
* Okta
* Custom enterprise IdPs

**Best suited for:**\
Federated identity and enterprise authentication

#### **6. Microsoft SSO Login**

* Users can authenticate directly using their **Microsoft account (Azure AD / Entra ID)**
* Available as a one-click login option on the login screen

**How it works:**

* Redirects user to Microsoft identity platform
* Authenticates via corporate or personal Microsoft account
* Returns authenticated identity to CERTInext

**Best suited for:**\
Organizations using Microsoft 365 / Azure AD

#### **7. Google SSO Login**

* Users can log in using their **Google account (Google Workspace or personal Gmail)**
* Available directly on the login screen

**How it works:**

* Redirects to Google authentication
* User signs in and grants access
* CERTInext maps authenticated identity

**Best suited for:**\
Organizations using Google Workspace or cloud-first environments

### **How to Enable Login Methods**

Navigate to:

**Settings → Account Configuration → Authentication Settings**

#### **Step 1: Enable Authentication Controls**

* Enable **Single Sign-On (SSO)**
* Enable **2FA (optional but recommended)**

### **Microsoft SSO Configuration**

Microsoft login is typically enabled via **OpenID Connect (OIDC)**.

#### **Steps:**

1. Navigate to:\
   **Settings → Account Configuration → OpenID Connect**
2. Register an application in **Azure Portal (Entra ID)**
3. Configure:
   * Client ID
   * Client Secret
   * Redirect URL (from CERTInext)
4. Provide OIDC details in CERTInext:
   * Discovery URL:\
     `https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration`
   * Scopes: `openid email profile`
5. Save configuration

Once configured, the **Microsoft login button is activated on the login screen**.

### **Google SSO Configuration**

Google login is also enabled using **OpenID Connect (OIDC)**.

#### **Steps:**

1. Navigate to:\
   **Settings → Account Configuration → OpenID Connect**
2. Create OAuth credentials in **Google Cloud Console**
3. Configure:
   * Client ID
   * Client Secret
   * Authorized Redirect URI
4. Use Google endpoints:
   * Authorization URL: `https://accounts.google.com/o/oauth2/v2/auth`
   * Token URL: `https://oauth2.googleapis.com/token`
   * User Info URL: `https://openidconnect.googleapis.com/v1/userinfo`
5. Set scopes:
   * `openid email profile`
6. Save configuration

Once configured, the **Google login button is enabled** on the login screen.

### **Active Directory (AD) Setup**

#### **Enable AD Login**

* Select **Active Directory** in Authentication Settings
* Configure default role

#### **Configure LDAP Connectors**

Navigate to:

**Integrations → LDAP Connectors**

Provide:

* Host, Port
* Base DN
* Bind credentials
* Search filter

Test the connection, then save it.

#### **Attribute Mapping**

Map:

* Email → `mail`
* Username → `userPrincipalName`
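
The two AD login formats and the `userPrincipalName` mapping above, turned into an LDAP search filter with RFC 4515 escaping of the user-supplied value. This is an added example, not CERTInext's code: the function names, the `objectClass=user` clause and the use of `sAMAccountName` for `DOMAIN\username` logins are assumptions, and the inputs are constructed.

```python
# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_login(identifier):
    """Return (attribute, value) for a UPN or DOMAIN\\username login."""
    identifier = identifier.strip()
    if "\\" in identifier:
        domain, _, user = identifier.partition("\\")
        if not domain or not user:
            raise ValueError("expected DOMAIN\\username")
        return "sAMAccountName", user  # assumed lookup attribute
    local, _, realm = identifier.partition("@")
    if local and realm and "@" not in realm:
        return "userPrincipalName", identifier
    raise ValueError("expected UPN or DOMAIN\\username")


def build_filter(identifier):
    """Build the search filter for one login attempt."""
    attr, value = parse_login(identifier)
    return f"(&(objectClass=user)({attr}={escape_filter_value(value)}))"


if __name__ == "__main__":
    # Constructed inputs; the last one contains filter metacharacters.
    for login in ("alice@corp.example", "CORP\\alice", "CORP\\j*(doe)"):
        print(login, "->", build_filter(login))
```
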

#### **Role Mapping**

Map AD groups to CERTInext roles

#### **User Sync**

* Enable periodic sync
* Configure activation/deactivation behavior

### **SAML 2.0 Setup**

1. Copy SP details from CERTInext
2. Configure in IdP
3. Upload metadata
4. Save

### **OpenID Connect Setup**

Provide:

* Client ID / Secret
* Discovery URL
* Token & UserInfo endpoints
* Scopes

Enable PKCE if required
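
A pre-flight check for the discovery document behind the Discovery URL used in the Microsoft, Google and generic OpenID Connect setups above, run before the values are saved. This is an added example, not part of CERTInext: the function name, the set of checks and the sample documents (a hypothetical IdP at `idp.example.test`) are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

REQUIRED_SCOPES = {"openid", "email", "profile"}  # scopes configured on this page
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")


def check_discovery(doc, fetched_from, want_pkce=True):
    """Return a list of problems; an empty list means no finding."""
    problems = []
    # OIDC Discovery rule: issuer + well-known suffix must equal the URL fetched.
    expected = doc.get("issuer", "").rstrip("/") + "/.well-known/openid-configuration"
    if expected != fetched_from:
        problems.append("issuer mismatch")
    for key in ENDPOINT_KEYS:
        parts = urlparse(doc.get(key, ""))
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{key} not https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("code flow not advertised")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + " ".join(sorted(missing)))
    if want_pkce and "S256" not in doc.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not advertised")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("alg none advertised")
    return problems


# Constructed sample data (hypothetical IdP, not a real tenant).
URL = "https://idp.example.test/tenant-a/v2.0/.well-known/openid-configuration"
GOOD = {
    "issuer": "https://idp.example.test/tenant-a/v2.0",
    "authorization_endpoint": "https://idp.example.test/tenant-a/authorize",
    "token_endpoint": "https://idp.example.test/tenant-a/token",
    "userinfo_endpoint": "https://idp.example.test/userinfo",
    "jwks_uri": "https://idp.example.test/tenant-a/keys",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "email", "profile", "offline_access"],
    "code_challenge_methods_supported": ["S256"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Same document with four constructed defects.
BAD = dict(GOOD, issuer="https://idp.example.test/other/v2.0",
           token_endpoint="http://idp.example.test/tenant-a/token",
           code_challenge_methods_supported=["plain"],
           id_token_signing_alg_values_supported=["RS256", "none"])

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, check_discovery(doc, URL) or "ok")
```

Some providers omit optional fields such as `scopes_supported` or `code_challenge_methods_supported`, so a finding on those means "not advertised" rather than "not supported" and should be confirmed against the provider's documentation.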

### **Login Experience**

* Users see multiple login options on the login page:
  * Password
  * OTP
  * Digital Certificate
  * Active Directory
  * Microsoft
  * Google
  * SSO
* Available options depend on configuration

### **Security Best Practices**

* Prefer SSO (Microsoft/Google/IdP) with MFA
* Use certificate-based login for critical roles
* Restrict password login where possible
* Enable user sync for AD environments
* Regularly review access and role mappings

CERTInext supports a comprehensive set of authentication methods including enterprise SSO, Active Directory, Microsoft, and Google login. This ensures seamless user access while maintaining strong identity security, compliance, and centralized control.

