Currently CN or SAN can be used to mapping to spotfure account name when enabling 2FA (2 factor authentication). Either CN or SAN must match spotfire account name in order to authenticate successfully.
Customer wans to share 1 client certificate between multiple end users, just like a wildcard SSL certificate.
One can specify multiple values to SAN when issuing a client certificate, however Spotfire requires to specify the index of which SAN value should be used when configuring 2FA.
Please allow omit the index and use any SAN value available in the client certificate to match the spotfire account name.