Configuration Level: Global, Container, User
Certificate matching specifies what part of the certificate presented during login is matched to the target user account. There are three options:
Subject Name: Subject name matching checks the subject name of the login certificate against the subject names configured for the user object. Matching by a certificate subject name is less restrictive than matching by a specific certificate.
Certificate: Certificate matching checks the login certificate against the list of certificates configured for the user object. Certificate‑based matching is more restrictive than subject name matching because only a configured certificate can be used for login.
No Matching: No matching means no part of the login certificate must be configured on the target user account. Typically, this option would not be used for regular user accounts. A potential use would be for guest accounts. A guest account could be configured as no matching, and then anyone with a valid certificate could log in to the account.