Configure Account Restrictions - Distinguished Name Substrings
A distinguished name substring is a portion of a certificate’s subject distinguished name representing an organization that issued a certificate. Distinguished name substrings are used to limit the set of certificates that an officer can view and manage.
Each substring represents a fragment of the Subject distinguished name in a certificate.
-
On the Configuration page, click distinguished name substrings.
After one or more distinguished name substrings are registered, the descriptive name of each substring is displayed in the Distinguished Name Substrings portion of the Create New User Account or Update User Account page. The list of Permitted Distinguished Name Substrings shows the substrings that the account is currently restricted to. If this list is empty, the account is not subject to any distinguished name substring restrictions.
-
To add a new distinguished name substring, enter a descriptive name for the substring in the Name field.
This name will appear as an available account restriction in the list of distinguished name substrings on the Create New User Account or Update User Account page. For more information, see section Administrator Operations—User Accounts.
-
Specify the portion of the distinguished name to match on in the Distinguished Name Substring field. For example, an account restricted to the substring OU=HIDGlobal, C=US would be able to view and manage a certificate with the subject distinguished name CN=John Doe, OU=HIDGlobal, C=US but not a certificate with the subject distinguished name CN=John Doe, OU=Acme, C=US.
-
Click Add to save the distinguished name substring.
Delete an Existing Distinguished Name Substring
To delete an existing distinguished name substring, click Delete to the right of the distinguished name substring that you want to delete.
