to enforce two-factor authentication with clients having to provide a certificate and a user account/password,
to allow single-factor authentication using a certificate instead of user account/password.

Authentication Strategies

Two-factor Authentication

This includes to require both user account/password authentication and certificate based authentication.

This boils down to use either account/password authentication or to allow certificate based authentication alternatively.

Find details from the JOC Cockpit - Single-factor Authentication with Certificates Find details how to configure Clients and JOC Cockpit for use with certificates from the JS7 - Certificate based Authentication article.