--- title: Certificate User Extractor node description: Extracts a value from the certificate collected by the Certificate Collector node, and searches for it in the identity store. The goal is to match the certificate with a user in the identity store. component: auth-node-ref version: 7.5 page_id: auth-node-ref::self-managed/certificate-user-extractor canonical_url: https://docs.pingidentity.com/auth-node-ref/7.5/self-managed/certificate-user-extractor.html keywords: ["Nodes & Trees", "Journeys", "Authentication", "Certificates", "Identity Store", "Users", "User Profiles"] page_aliases: ["auth-node-certificate-user-extractor.adoc"] section_ids: availability: Availability outcomes: Outcomes properties: Properties --- # Certificate User Extractor node Extracts a value from the certificate collected by the [Certificate Collector node](certificate-collector.html), and searches for it in the identity store. The goal is to match the certificate with a user in the identity store. The extracted value is stored in the `username` key in the shared node state. ## Availability | Product | Available? | | ------------------------------------- | ---------- | | PingOne Advanced Identity Cloud | No | | PingAM (self-managed) | Yes | | Ping Identity Platform (self-managed) | Yes | ## Outcomes * `Extracted` * `Not Extracted` Evaluation continues through the `Extracted` path if AM finds a match for the certificate in the identity store; otherwise, evaluation continues on the `Not Extracted` path. ## Properties | Property | Usage | | --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Certificate Field Used to Access User Profile | Specifies the field in the certificate that AM uses to search for the user in the identity store. Possible values are:- `Subject DN` - `Subject CN` - `Subject UID` - `Email Address` - `Other` - `None`If you select `Other`, provide an attribute name in the Other Certificate Field Used to Access User Profile property.Select `None` if you want to specify an alternate way of looking up the user profile in the SubjectAltNameExt Value Type to Access User Profile property.Default: `Subject CN` | | Other Certificate Field Used to Access User Profile | Specifies a custom certificate field to use as the base of the user search. | | SubjectAltNameExt Value Type to Access User Profile | Specifies how to look up the user profile:- `None` AM uses the value specified in the Certificate Field Used to Access User Profile or the Other Certificate Field Used to Access User Profile properties when looking up the user profile. - `RFC822Name` AM looks up the user profile using the value of the `RFC822Name` field. - `UPN` AM looks up the user profile as the User Principal Name attribute used in Active Directory.Default: `None` |