...

• Built-in Identity Services ship with JOC Cockpit and can be used out-of-the-box.
• The Identity Service for Local User Management does not offer more include elaborated features such as password recovery, password complexity constraints, lifetime password rotation etc. and is not intended to do sofor such purposes. Instead, this Identity Service is a starting point for users who operate JS7 for testing purposes. Such features typically are available from an LDAP Directory Service and from external Identity Services.

...

Certificate Based Authentication

Certificates can be used for mutual authentication:

• The client (Browser Client, REST API Client) challenges the JOC Cockpit server to present its server authentication certificate that will be verified by the client.
• The JOC Cockpit server challenges the client to present its client authentication certificate that is verified by JOC Cockpit.

With JOC Cockpit being set up for mutual authentication certificates can be used

• to enforce two-factor authentication with clients having to provide a certificate and a password,
• to allow single-factor authentication using a certificate instead of a password.
  
  

Further Resources

...