In 10.5.0.2 or later, PKI authentication can be used to access the Security Analytics UI. PKI allows users to authenticate and access the Security Analytics UI using digital certificates.
Certificates are issued by a Third-Party Certificate Authority (CA) (external to Security Analytics server). The following categories of certificates are required for PKI authentication:
- Security Analytics server certificate (private key and its chain)
- Trusted CA certificates
- User certificate (issued by CA)
Security Analytics Server Certificate
This certificate is used by Security Analytics server to present its identity. This certificate is issued by a trusted CA. When a user accesses the Security Analytics UI using HTTPS, this certificate is presented to the user in the web browser.
Trusted CA Certificates
These are collection of CA certificates. Security Analytics server uses these certificates as the trusted authorities to validate the certificate provided by the user. If the user does not have a certificate signed by one of these CA(s), the user is not allowed to access the Security Analytics UI.
This certificate is used by the Security Analytics user to present the user's identity. This certificate is issued by a CA that is trusted by the users. The user certificates, by default, are identified by most browsers. In case the certificates are not identified, the user must import the certificates into browser certificates store.
Security Analytics PKI Authentication Workflow
The following figure shows how the user can access Security Analytics using PKI authentication.
The following points explain the workflow of the above figure.
- User tries to access the Security Analytics UI using the web browser. For example, https://sa-host/login.
- The user is prompted to select the user certificate.
Note: The certificate prompt may appear differently depending on the browser.
- User selects the certificate. The browser sends the selected certificate to the Security Analytics server for authentication.
- If the authentication is successful, the Security Analytics server authorizes the user based on the user groups configured on the Active Directory Server(s).
- If the user authentication and authorization are successful, the Security Analytics dashboard is displayed.
Note: If the certificate validation fails, the user cannot access the Security Analytics Dashboard.