Users Settings

You can changed the option on how the users will behaves when accessing user-portal. Before you could do that, please check these KB down below to ensure you have the Admin access and can accessed it:


  1. login to
  2. Go to Settings tab> ZTNA
  3. In Configurations, choose Users Settings
  4. It will open the configuration that you can changed, to changed it click "Edit"
  5. There are 3 options that you can changed - Require MFA, Require Device Certificate & Idle session timeout
  6. Require MFA enables you to disable or enable MFA verification when accessing user-portal. If you disabled this toggle, then after you input the user and credential in user-portal it won't asked for MFA verification - neither Authenticator App based or SMS based OTP.
  7. Require Device Certificate enables you add additional security measurement for accessing user-portal, so not only based on user credential and MFA also can add device certificate for verification. It required to add the MS-ADCS Certificate Template OID with the correct OID value based on your deployed ADCS. More information about MS-ADCS, please refer to official Microsoft KB in here
  8. When the Require Device Certificate enabled, every time users login to user-portal it will asked the certificate
  9. It will open login page no matter the certificate is the correct one or not, the device certificate checking is happens after user input the username and password. It will open the applications list
  10. If the device certificate is not the correct one, it will give unauthorized page
  11. Idle session timeout is to set how long (in minutes) the session need to reauthenticate to user-portal after the session is idle on user side