GlobalSign Blog

22 Apr 2014

4 Benefits of Certificate-based Authentication

Digital Certificates are one of the many solutions available for authentication. To help you decide if certificate-based authentication is right for you, we've compiled some of their key features based on feedback from our customers.

This article focuses on user authentication. For those interested, we also have some helpful content about using certificates for machine or server authentication.

1. Minimal involvement needed from end users

After the certificate is installed (with an Active Directory integration, this can happen automatically), there is nothing further to be done. When a user tries to log on or access a gated application/network, he will be prompted to select his certificate from a list.

Google Apps Certificate Authentication

Example of certificate list encountered upon accessing a Google Apps account using certificate-based authentication.

What this means for you

  • Minimal onboarding/training process
  • Decreased support calls

2. No additional hardware needed

Unlike other solutions, including one-time passwords and biometrics, no additional hardware is needed. The certificate is stored locally on the end user's computer, meaning there's no risk of the lost/forgotten token scenario. Certificates can be exported to other devices to accommodate multi-device users (note: high risk use cases should carefully manage how keys are copied and installed).

What this means for you

  • No tokens to distribute and manage
  • No need for a back-up plan in the case of forgotten/lost tokens
  • Users can work across multiple devices without interruption

Note: Some organizations prefer to store their certificates on USB tokens or smart cards. This negates the benefits of the hardware-free solution outlined here, but provides the added protection of storing the certificate's private keys on tamper-resistant tokens, meaning the cryptographic operations are now isolated and insusceptible to any attacks on the operating system.

3. Easy to manage

Most certificate-based authentication solutions come with a cloud-based management platform that makes it easy for administrators to issue certificates to new employees, renew certificates, and revoke certificates when an employee leaves the organization.

Solutions that integrate with Active Directory can make the enrollment and issuance process even easier by enabling auto enrollment and silent installation.

What this means for you

  • Minimal internal resources needed to support the solution
  • Easy to issue and revoke credentials with employee turnover
  • Easily scaled to accommodate business growth

4. Certificates are natively supported by many enterprise applications and networks

Many enterprise applications and networks natively support X.509 Digital Certificates, the standard format for public key certificates. This means with just a few configuration changes, you can enable certificate-based authentication for many popular use cases, including Windows logon, Google Apps, Salesforce, SharePoint, SAP, and access to remote servers via portals like Citrix or SonicWALL.

What this means for you

  • Minimal configuration needed to implement
  • Easily enable two-factor authentication across multiple applications and networks
  • Support mobile/remote workforce

These are just a few of the many reasons organizations choose Digital Certificates for authentication. Are you using certificate-based authentication? What was the appeal for you? Let us know in the comments!

Certificate based Authentication for Access Control

Share this Post

Subscribe to our Blog