To check the permitted authentication method, query the /api/authentication/types endpoint.
If the types field of the response includes the x509 object, certificate-based authentication is permitted.
If it includes only the basic object, password authentication is permitted.
If it includes both fields, then certificate-based authentication is permitted for the users, but the admin user can authenticate with password as well. Note that in this case, SPS assumes that the admin user will authenticate with a password, and expects password-authentication on the /api/authentication endpoint. To authenticate with a certificate, use the /api/authentication?type=x509 endpoint.
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center