Logging In and Out of a Trusted Session Using a Certificate

You can also log in to Cockpit using multi-factor authentication (MFA) via WebAuthn or an OTP. For more information, see Setting Up MFA for Your Account Using WebAuthn or an OTP.

If you have set up multi-factor authentication (MFA) on your OUTSCALE account using an x509 certificate, you can authenticate into Cockpit with increased security. This feature adds an extra step of authentication to the basic login procedure for Cockpit, by requiring a client certificate.

This MFA method for Cockpit is based on API access rules. For more information, see About API Access Rules.

On Cockpit, this MFA method is available for the login and password authentication method and the access key authentication method. You can store your client certificate either:

  • Locally on your computer, becoming a second knowledge factor,

  • Or on a separate physical device such as a smart card, becoming a possession factor.

This MFA method for Cockpit is currently supported for:

  • Google Chrome

  • Microsoft Edge

Logging In and Out of a Trusted Session Using Cockpit

With a Client Certificate Stored Locally on your Computer

Before you begin:

  1. Set up MFA on your OUTSCALE account. For more information, see Tutorial: Setting Up MFA for Your Account Using a Certificate.

  2. Open your web-client-certificate.p12 file.
    A dialog box appears.

  3. Follow the instructions of the dialog box to add the client certificate to your operating system.
    You client certificate is now automatically recognized by your browser.

    If your client certificate is not automatically recognized by your browser, you can still add it manually in your browser settings. To do so, see the specific help of your browser.

  1. Access Cockpit.

  2. Enter your credentials, select your Region, and click Login.
    A dialog box appears.

  3. Select your client certificate and validate.
    You are now logged into Cockpit with a trusted session.

  4. To disconnect the trusted session, quit your browser.

    To avoid having to close the entire browser, use a private session so that you only have to close the private window.

With a Client Certificate Stored on a Separate Physical Device

Before you begin:

  1. Activate MFA on your OUTSCALE account. For more information, see Tutorial: Setting Up MFA for Your Account Using a Certificate.

  2. Import your client certificate on your physical device. To do so, see the specific help of your physical device.

  1. Insert your physical device in your computer.

  2. Access Cockpit.

  3. Enter your credentials, select your Region, and click Login.
    A dialog box appears.

  4. Select your client certificate and validate.
    A dialog box appears.

  5. Enter your PIN code and validate.
    You are now logged into Cockpit with a trusted session.

    Depending on your physical device and your browser, your PIN might be requested regularly during the trusted session.

    If you remove your physical device:

    • And you have not activated a trusted session through the API, the Cockpit trusted session ends after 5 minutes.

    • And you have activated a trusted session through the API, the Cockpit trusted session ends after 1 hour.

  6. To disconnect the trusted session, quit your browser.

    To avoid having to close the entire browser, use a private session so that you only have to close the private window.

Related Pages

Export to PDF