This is not possible in versions of TPAM prior to 2.5.916.
TPAM 2.5.916 added Enhancement Request 7570:
Added a new global setting to allow user ID’s using certificate authentication to be linked to the certificate through the value of the subjectAltName:PrincipalName attribute in the certificate.
For more details see the Global Setting chapter in the System Administrator Guide.
From the TPAM 2.5.916 System Administration Guide:
For user ID’s using a primary authentication type of Certificate this setting determines if the user is linked to the certificate through the thumbprint or the value of the subjectAltName:PrincipalName attribute in the certificate.
NOTE: This setting affects ALL user ID’s using certificate authentication. Make sure you have a least one administrator and system administrator user ID setup without certificate authentication to make these updates.