Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup and NetBackup Appliances Hardening Guide
  3. Steps to protect Flex Appliance
  4. Managing user authentication with smart cards or digital certificates
NetBackup and NetBackup Appliances Hardening Guide

Managing user authentication with smart cards or digital certificates

You can use smart cards or certificates for user validation with a remote user domain. This authentication method is not available for local users.

Note:

Smart card authentication does not apply for users who have configured multifactor authentication.

Prerequisites

Note the following prerequisites for smart card authentication:

  • DNS must be configured on the appliance.

  • The remote users who are associated with the smart cards or digital certificates must be imported to the appliance.

  • Cohesity recommends that the appliance date and time are set using NTP.

Configuring or editing smart card authentication

Follow these steps to configure user authentication with smart cards or digital certificates or to edit an existing configuration.

To configure or edit smart card authentication

  1. Sign in to the Flex Appliance Console as a security administrator and click the gear icon in the upper-right corner of the page, then click Smart card authentication.
  2. Click Configure or Edit.
  3. Select a certificate mapping attribute and optionally enter the OCSP URI. If you do not provide the OCSP URI, the URI in the certificate is used.
  4. Browse for or drag and drop the CA certificates that are associated with the user smart cards or the user digital certificates. Certificate file types must be in .pem format and less than 1,000 KB in size.

    To remove a certificate, click the x next to the file name. If the certificate is part of a certificate chain, make sure that you also remove the other certificates in the chain.

    Note:

    If you use Mozilla Firefox, you must also remove the certificate from the browser's certificate manager. See the browser documentation for instructions.

  5. Click Save.
  6. Open a new session to the Flex Appliance Console. The sign-in page should now display an option to sign in with a certificate or smart card.
  7. Before a user can use a digital certificate that is not installed on a smart card, the certificate must be uploaded to the browser's certificate manager. See the browser documentation for instructions.
  8. Once a user inserts a smart card or uploads a certificate, they are prompted to select and authenticate the certificate when they open a new session to the Flex Appliance Console. Once they do so, they can use the certificate to sign in.

    If the user does not select and authenticate the certificate when prompted, they can still sign in with their username and password.

Disabling or enabling smart card authentication

Follow these steps to disable user authentication with smart cards or digital certificates or to enable it after it has been disabled.

To disable or enable smart card authentication

  1. Sign in to the Flex Appliance Console as a security administrator and click the gear icon in the upper-right corner of the page, then click Smart card authentication.
  2. Click Disable or Enable.

If you disable smart card authentication, users no longer see an option to sign in with a certificate or smart card.

Feedback

Was this page helpful?
Previous

Managing identity providers (IDPs)

Next

About lockdown mode

Feedback

Was this page helpful?