To increase the security for your corporate data available in Pagero Online, Pagero provides authentication with personal certificates on top of the standard username/password login. This guide will help you perform the necessary steps required to take advantage of certificate authentication in Pagero Online.
Prerequisites
The following is a list of steps that needs to be performed before being able to use certificate authentication.
- Make sure your company’s Pagero Online account is configured to require certificate authentication for your users. This is a non-standard service.
- Make sure that Pagero has added your Certificate Authority’s (CA’s) certificate as a trusted certificate in Pagero Online. This is needed in order for Pagero Online to verify that a path of trust exists from the certificate used to authenticate to the certificate authority that issued the certificate, and that the certificate has not been forged or tampered with.
- Install any software to be able to use your smart card reader/digital badge with a web browser.
Certificate types and certificate authority support
Pagero Online supports certificates of type X.509v3. Pagero supports both hard and soft certificates, as long as the certificate used fulfills the policy of your company. The certificate authority used can be a general certificate issuer, or an issuer used only for your company. Please contact Pagero Support and Service Center, for more information on how to set this up.
Revocation checks
Pagero Online supports certificate revocation lists (CRLs). These must be accessible via a URL hosted by the Certificate Authority that issued the company’s certificates. If no URL is provided, no check will be done. Please provide a URL to the CRL when setting up the account in Pagero Online.
Logging in for the first time with a certificate
When Pagero has activated certificate authentication for your company, please perform the following steps in order to login with your certificate.
- When you receive a notification from your company that Pagero has enabled certificate authentification, close all instances of your web browser.
- Make sure your certificate is available to your computer. For hard certificates: Plug in your smart card reader if not already plugged in and insert your identification card into it.
- If necessary, start the application that manages your smart card reader.
- Start your web browser and go to http://www.pageroonline.com
- Log in as usual with your username and password.
- Next you will be prompted to select the certificate that identifies you; the appearance of this prompt will vary depending on browser and what software you use. If you have multiple certificates to choose from, be sure to select one that ca be used for Signing.
- Next you (probably) have to supply the password for your certificate.
- Finally you will be redirected to the start page of Pagero Online and you can now go about your usual tasks.
Final notes
Once certificate authetication has been activated, you must always display your certificate when logging in. It’s not possible to only use username and password login as before. A number of properties of the certificate you present are checked for validity. If any property is not considered valid you will not be able to complete the login and will be redirected to an error page. Below is an example of this error:
If you fail to provide the correct password for your certificate, within a reasonable amount of time, then the login will fail and Pagero Online will display an error page. There is no need to worry if this happens, just go to http://www.pageroonline.com again and provide the correct password, when the password prompt appears and you will successfully perform the login.