Creating a MarkLogic Server User with an Internal Name
- Last Updated: May 20, 2026
- 2 minute read
- MarkLogic Server
- Version 12.0
- Documentation
To configure certificate-based user authentication for user, demoUser1, as a MarkLogic Server internal user, follow these steps in the Admin Interface:
-
Click Security in the left tree menu.
-
Under Security, click Users.
-
Click the Create tab. The User Configuration page appears.
-
In the User Name field, enter the user name as it appears in the
CNvalue of the certificateSubjectfield (demoUser1in the example shown in User Certificate Example) -
Enter and confirm a password.
-
Click OK.
-
Next, change the app server configuration. At the top of the left tree menu, click Server.
-
Under the Summary tab, and the App Servers heading, click the name of the app server.
-
On the Configure tab, set the Authentication field to Certificate.
-
Set Internal Security to true.
-
If you do not wish to have the user authenticated as an external user, be sure that External Securities are set to None,
-
Scroll down to the bottom of the page and in the Ssl Client Certificate Authorities section, click Show.
![Admin Interface Screenshot illustrating the location of [Show] near the bottom of the app server configuration page](https://docs-be.progress.com/bundle/marklogic-server-secure-12/page/topics/certificate-based-authentication/creating-a-marklogic-server-user-to-use-certificate-based-authentication/../../image/166bcffc653b59.png?_LANG=enus)
-
Select the certificate authority created in CA Certificate (User Cert Signer) Import from Admin Interface to sign the client/user certificate.
-
Click OK.
Once configured, demoUser1 is now able to access the app server with a browser that has the user certificate installed, as described in Certificate Template & Template CA Import into Client (Browser/SSL Client).
Note: You will also need to assign the necessary roles to demoUser1 to access the needed MarkLogic Server resources.