PIV Card MFA Configuration - AX - PAL

Updated
  • Updated on Mar 5, 2026
  • Published on Jan 29, 2026
  • 1 minute(s) read
Prev Next

Configure MFA for PIV

To enable MFA via PIV in ATIPXpress:

  1. Log into ATIPXpress and Access Administration.

  2. Click on Security on the left-hand navigation panel.

  3. Change the MFA Type to PIV.  

  4. Click the Save button.

Configure Users PIV Certificates

For each user, configure the PIV certificate field by performing the following steps:

  1. Access the Administration tab in ATIPXpress.

  2. Click on Organization Setup on the left link panel, the click Users.

  3. Open the user details by selecting that userā€™s row and clicking Edit.

  4. Populate the Certificate Subject field with the value of the user's PIV certificate subject.

This should be in the form "CN=[value]" where [value] is either a name or email address.

This value can be obtained by checking the details of the certificate the user will use.

  1. Click Save once complete.

  2. Once enabled, ATIPXpress users will be prompted by their browser for their PIV certificate when accessing the application. They will then proceed to the login page where they may enter their username and password normally. When attempting to login, the user's certificate will be verified in addition to their username and password.

PAL PIV Card MFA Configuration  

Configure MFA for PIV in PAL Configuration

To configure setup MFA via PIV :

  1. Log into PAL Configuration.

  2. Click on Security on the left-hand navigation panel.

  3. Change the MFA Type for PAL Admin Login to PIV.  Note: This option was formerly called OTP Type For Pal Login

  4. Click the Save button.

Configure Users PIV Certificates

For each user, configure the PIV certificate field by performing the following steps:

  1. Log into PAL Configuration

  2. Click on Users on the left-hand navigation panel.

  3. Open the user details by clicking the Login cell for the row, or selecting the row and clicking Edit.

  4. Populate the Certificate Subject field with the value of the user's PIV certificate subject.

This should be in the form "CN=[value]" where [value] is either a name or email address.

This value can be obtained by checking the details of the certificate the user will use.

  1. Click Update once complete.

  2. Once enabled, PAL Config users will be prompted by their browser for their PIV certificate when accessing the site. They will then proceed to the login page where they may enter their username and password normally. When attempting to login, the user's certificate will be verified in addition to their username and password.

Related articles