Bastionhost integrates with Certificate Management Service to support USBKEY certificate authentication. After you bind a USBKEY certificate to a user in Bastionhost, you can use the USBKEY for two-factor authentication when you log on. This method helps you meet compliance requirements related to Shang Mi (SM) cryptographic standards. This topic describes how to bind a USBKEY certificate.
Prerequisites
-
You have purchased an SM-compliant Bastionhost instance. For more information, see Purchase an instance.
-
You have issued a compliant CA certificate using Certificate Management Service and have obtained its certificate serial number (SN). For more information, see Apply for a private certificate.
Procedure
Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance is located.
In the list of Bastionhost instances, find the target instance and click Manage.
In the navigation pane on the left, choose .
-
On the USB Key Certificate of Users page, click Associate.
-
Enter the certificate serial number (SN), select the user to bind, and then click OK.
The binding between a Bastionhost user and a USBKEY certificate is one-to-one. Ensure that you enter the correct certificate serial number. An incorrect serial number prevents the user from logging on with an SM-compliant USBKEY.
Next steps
After logging on to Bastionhost and completing password authentication, you can use your SM-compliant USBKEY for two-factor authentication. To learn how to enable this feature, see Enable two-factor authentication.