PAL PIV Card MFA Configuration
NOTE: The steps in the following section must be completed in sequence and immediately following one another. Once PIV authentication is enabled, you must then immediately add your account credentials to ensure you are able to log in to the application. If you enable PIV but do not configure your account for PIV login, you could inadvertently lock yourself out of the application.
1. Configure MFA for PIV
To enable MFA via PIV in FOIAXpress:
Log in to FOIAXpress and access Administration.
Click on Security on the left-hand navigation panel.
Change the MFA Type to PIV.
Click the Save button.
Immediately move to the next section and complete those steps.
2. Configure Users PIV Certificates
For each user, configure the PIV certificate field by performing the following steps:
NOTE: First configure your Administrator account to ensure you can log back into the application now that PIV authentication is enabled.
Access the Administration tab in FOIAXpress.
Click on Organization Setup on the left link panel, then click Users.
Open the user details by selecting that user's row and clicking Edit.
Populate the Certificate Subject field with the value of the user's PIV certificate subject. This should be in the form "CN=[value]" where [value] is either a name or email address. This value can be obtained by checking the details of the certificate the user will use.
Click Save once complete.
Once enabled, FOIAXpress users will be prompted by their browser for their PIV certificate when accessing the application. They will then proceed to the login page where they may enter their username and password normally. When attempting to log in, the user's certificate will be verified in addition to their username and password.
2.1 Configure MFA for PIV in PAL Configuration
To set up MFA via PIV in PAL Configuration:
Log in to PAL Configuration.
Click on Security on the left-hand navigation panel.
Change the MFA Type for PAL Admin Login to PIV.
NOTE: This option was formerly called OTP Type For Pal Login.
Click the Save button.
2.2 Configure Users PIV Certificates
For each user, configure the PIV certificate field by performing the following steps:
NOTE: First configure your Administrator account to ensure you can log back into the application now that PIV authentication is enabled.
Log in to PAL Configuration.
Click on Users on the left-hand navigation panel.
Open the user details by clicking the Login cell for the row, or selecting the row and clicking Edit.
Populate the Certificate Subject field with the value of the user's PIV certificate subject. This should be in the form "CN=[value]" where [value] is either a name or email address. This value can be obtained by checking the details of the certificate the user will use.
Click Update once complete.
Once enabled, PAL Config users will be prompted by their browser for their PIV certificate when accessing the site. They will then proceed to the login page where they may enter their username and password normally. When attempting to log in, the user's certificate will be verified in addition to their username and password.
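The Certificate Subject step in sections 2 and 2.2 asks for a value in the form "CN=[value]" taken from the details of the user's certificate. The following is an added example, not part of the original guide or the vendor's code: a Python helper that extracts the single CN from a subject string as copied from a certificate viewer or from openssl output, and rejects subjects with no CN or more than one. It assumes the field takes the plain, unescaped CN value; the function names and the sample subjects are constructed for illustration.

```python
import re

SEPARATORS = ",;+\n"  # RDN separators; '+' joins a multi-valued RDN, '\n' is viewer output

def split_rdns(subject: str) -> list[str]:
    """Split a subject string into 'TYPE=value' parts, honouring backslash escapes and quotes."""
    parts, buf, quoted, i = [], "", False, 0
    while i < len(subject):
        ch = subject[i]
        if ch == "\\" and i + 1 < len(subject):  # an escaped pair stays with its value
            buf, i = buf + subject[i:i + 2], i + 2
            continue
        quoted ^= ch == '"'  # toggle when entering or leaving a quoted value
        if ch in SEPARATORS and not quoted:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
        i += 1
    parts.append(buf)
    return [p.strip() for p in parts if p.strip()]

def unescape(value: str) -> str:
    """Undo DN string escaping: surrounding quotes, \\HH hex pairs (UTF-8) and \\<char>."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    def repl(m):
        if m.group(1):
            return bytes.fromhex(m.group(1).replace("\\", "")).decode("utf-8")
        return m.group(2)
    return re.sub(r"((?:\\[0-9A-Fa-f]{2})+)|\\(.)", repl, value)

def certificate_subject_field(subject: str) -> str:
    """Return 'CN=<value>' built from the single CN found in a certificate subject."""
    subject = re.sub(r"^\s*subject\s*[=:]\s*", "", subject, flags=re.I)  # openssl prefix
    pairs = (p.partition("=") for p in split_rdns(subject))
    cns = [unescape(v.strip()) for a, sep, v in pairs if sep and a.strip().upper() == "CN"]
    if len(cns) != 1 or not cns[0]:
        raise ValueError(f"expected exactly one non-empty CN, found {len(cns)}")
    return "CN=" + cns[0]

# Constructed sample subjects (not taken from real certificates)
SAMPLES = [
    "subject=C = US, O = Example Agency, OU = People, CN = jane.doe@example.gov",
    r"CN=Doe\, Jane A,OU=People,O=Example Agency,C=US",
    "UID=0000000000+CN=JANE DOE,OU=Example Bureau,O=Example Agency,C=US",
]
for sample in SAMPLES:
    print(certificate_subject_field(sample))
```

A ValueError here means the subject has no CN or several, so the value to enter should be confirmed from the certificate itself before saving the user record.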