Multi-Factor Authentication (MFA/2FA) for Certify

Last updated on October 16, 2024

Overview

The purpose of this document is to enable Rublon Two-Factor Authentication (2FA) for users logging in to Certify. In order to achieve that, you have to use Rublon Access Gateway. All required steps will be described in this document.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push	✔	N/A
WebAuthn/U2F Security Key	✔	N/A
Passcode	✔	N/A
SMS Passcode	✔	N/A
SMS Link	✔	N/A
Phone Call	✔	N/A
QR Code	✔	N/A
Email Link	✔	N/A
YubiKey OTP Security Key	✔	N/A

Before you start

You need to install and configure Rublon Access Gateway itself before configuring Certify to work with it. Please read the Rublon Access Gateway documentation and follow the steps in Installation and Configuration sections. Afterwards, follow the Configuration section in this document.

Configuration

Follow these steps to enable Rublon 2FA in Certify.

Rublon Access Gateway

1. In Rublon Access Gateway, go to Applications → Add application.

2. Fill in the form and click SAVE to add a new application. Refer to the following image and table.

Application name	Enter a name for the application, e.g. Certify. The name will be displayed during Rublon 2FA.
Entity ID	https://certify.com
Assertion Consumer Service	https://certify.com/SAML2.aspx
Single Logout Service	https://certify.com
NameID format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
NameID attribute	mail
Send Attributes	NameID
Signature algorithm	sha-256
Validate Authn Request	Uncheck.
Sign response	Check.
Certificate for signing	Select the certificate you have downloaded from Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE.

Certify

1. Log in to Certify as administrator.

2. Click Configuration at the top.

3. Click Configure Single Sign On inside the System integrations tile.

4. Change Authentication Type to Single Sign On and fill in the form. Refer to the following image and table.

Allow Standard Login	Keep this option unchecked at least until you tested logging in to Certify using Rublon 2FA.
Certify Mobile Login URL	Enter the value of SSO URL from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway).
Email Notification Login URL	Enter the value of Entity ID from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway).
Logout Redirect URL	https://certify.com
X.509 Certificate	Enter the text value of the certificate you have downloaded from Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE. Open the downloaded certificate in a text editor. Copy the entire contents and paste it into the text field.

5. Keep default values of other fields. Click Save.

Log in to Certify with Rublon 2FA

1. Certify does not offer a form or button to log in via an Identity Provider. You have to go to https://example.com/saml2/idp/SSOService.php?spentityid=https%3A%2F%2Fwww.certify.com to log in via Rublon 2FA. Replace example.com with the address of your Rublon Access Gateway domain.

2. You will be redirected to the Rublon Access Gateway login page.

3. Provide your username and password. Click SIGN IN. A window will appear with a selection of various 2FA options from Rublon. Let’s choose Mobile Push.