Praty,
The client certificate authentication can have the benefit of being longer lasting so there is not the need to change the password for internal identity provider. The client certificate can be generated in an internal CA provider or within the Gateway without the need to pay for external certificates.
We see most of our customers are using username and password with it linked to their local Directory Server environment so corporate password policies are in place.
Sincerely,
Stephen Hughes
Director, CA Support