Multiple Certificate Authentication
Multiple certificate based authentication gives the ability to have the threat defense validate the machine or device certificate, to ensure the device is a corporate-issued device, in addition to authenticating the user’s identity certificate to allow VPN access using the Secure Client during SSL or IKEv2 EAP phase.
The multiple certificates option allows certificate authentication of both the machine and user via certificates. Without this option, you could only do certificate authentication of either machine or the user, but not both.