Logging In and Out of a Trusted Session Using a Certificate

You can also log in to Cockpit v2 using multi-factor authentication (MFA) via WebAuthn or an OTP. For more information, see Setting Up MFA for Your Account Using WebAuthn or an OTP.

If you have set up multi-factor authentication (MFA) on your OUTSCALE account using an x509 certificate, you can authenticate into Cockpit v2 with increased security. This feature adds an extra step of authentication to the basic login procedure for Cockpit v2, by requiring a client certificate.

This MFA method for Cockpit v2 is based on API access rules. For more information, see About API Access Rules.

On Cockpit v2, this MFA method is available for the login and password authentication method and the access key authentication method. You can store your client certificate either:

  • Locally on your computer, becoming a second knowledge factor,

  • Or on a separate physical device such as a smart card, becoming a possession factor.

This MFA method for Cockpit v2 is currently supported for:

  • Google Chrome

  • Microsoft Edge

Logging In and Out of a Trusted Session Using Cockpit v2

With a Client Certificate Stored Locally on your Computer

Before you begin:

  1. Set up MFA on your OUTSCALE account. For more information, see Tutorial: Setting Up MFA for Your Account Using a Certificate.

  2. Open your web-client-certificate.p12 file.
    A dialog box appears.

  3. Follow the instructions of the dialog box to add the client certificate to your operating system.
    You client certificate is now automatically recognized by your browser.

    If your client certificate is not automatically recognized by your browser, you can still add it manually in your browser settings. To do so, see the specific help of your browser.

  1. Access Cockpit v2.

  2. Enter your credentials, select your Region, and click Login.
    A dialog box appears.

  3. Select your client certificate and validate.
    You are now logged into Cockpit v2 with a trusted session.

  4. To disconnect the trusted session, quit your browser.

    To avoid having to close the entire browser, use a private session so that you only have to close the private window.

With a Client Certificate Stored on a Separate Physical Device

Before you begin:

  1. Activate MFA on your OUTSCALE account. For more information, see Tutorial: Setting Up MFA for Your Account Using a Certificate.

  2. Import your client certificate on your physical device. To do so, see the specific help of your physical device.

  1. Insert your physical device in your computer.

  2. Access Cockpit v2.

  3. Enter your credentials, select your Region, and click Login.
    A dialog box appears.

  4. Select your client certificate and validate.
    A dialog box appears.

  5. Enter your PIN code and validate.
    You are now logged into Cockpit v2 with a trusted session.

    Depending on your physical device and your browser, your PIN might be requested regularly during the trusted session.

    If you remove your physical device:

    • And you have not activated a trusted session through the API, the Cockpit v2 trusted session ends after 5 minutes.

    • And you have activated a trusted session through the API, the Cockpit v2 trusted session ends after 1 hour.

  6. To disconnect the trusted session, quit your browser.

    To avoid having to close the entire browser, use a private session so that you only have to close the private window.

Related Pages

Export to PDF