The certificate is used to identify a user: it contains data that is also held in the directory, so it acts as a link between the card and the directory. This link can exist before the smart card is used (an LDAP attribute of the user already holds the correct value), or it can be created when the card is assigned.
When the certificate is issued by an external authority, it cannot be managed from the EAM console.
NOTE: Any smart card type can be authorized as soon as it is described in the XML file.
When a card is used within the EAM solution, it is possible to utilize the certificate stored in the card. Two cases are possible:
If the card already has a certificate, EAM can use this certificate to authenticate the user (Public Key Authentication (PKA) configuration). This configuration is mainly used when the card is read-only.
NOTE: For more information on this procedure, see Enabling the public key authentication method.
If the card does not have a certificate, it is possible to interface with the Microsoft PKI to request one or more certificates from the Microsoft CA (and only this one). This configuration is done in the XML configuration file of the solution. In this case, the certificate can be managed from the console (request, revocation, and so on).
To request such a certificate, the running Windows session account must own a certificate generated by the Microsoft CA from the EnrollmentAgent template. If this certificate is not available in the user's certificate store on the workstation, it is automatically retrieved from the Microsoft CA.
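The following PowerShell check is an added example, not part of the EAM documentation or product: it lets an administrator verify, before troubleshooting a certificate request, whether the current Windows session account already holds a valid Enrollment Agent certificate in its personal store. It assumes that the Microsoft EnrollmentAgent template carries its default "Certificate Request Agent" extended key usage (OID 1.3.6.1.4.1.311.20.2.1) and, as a version 1 template, stamps its name in the Certificate Template Name extension (OID 1.3.6.1.4.1.311.20.2); the function name is hypothetical.

```powershell
# Added example (not EAM product code): list the Enrollment Agent certificates
# available to the running Windows session account.
# Assumption: the EnrollmentAgent template uses the default
# "Certificate Request Agent" EKU and the v1 template-name extension.
$EnrollmentAgentEku   = '1.3.6.1.4.1.311.20.2.1'   # Certificate Request Agent
$TemplateNameExtOid   = '1.3.6.1.4.1.311.20.2'     # Certificate Template Name (v1 templates)

function Get-EnrollmentAgentCertificate {
    param(
        # The personal store of the current user; EAM looks for the certificate here.
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )
    Get-ChildItem -Path $StorePath | Where-Object {
        # Private key must be present: the agent certificate signs the request.
        $_.HasPrivateKey -and
        # Expired certificates are ignored by the CA.
        $_.NotAfter -gt (Get-Date) -and
        # Match either the EKU or the template name written by the CA.
        (
            ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $EnrollmentAgentEku }) -or
            ($_.Extensions | Where-Object {
                $_.Oid.Value -eq $TemplateNameExtOid -and $_.Format($false) -match 'EnrollmentAgent'
            })
        )
    }
}

$agentCerts = @(Get-EnrollmentAgentCertificate)
if ($agentCerts.Count -eq 0) {
    Write-Warning 'No valid Enrollment Agent certificate in the personal store; EAM will retrieve one from the Microsoft CA when a card certificate is requested.'
} else {
    $agentCerts | Select-Object Subject, Issuer, NotAfter, Thumbprint | Format-Table -AutoSize
}
```

Run it in the session of the account that performs the card assignment. An empty result is not an error by itself, since the product retrieves the certificate automatically, but it tells you that the CA must be reachable and that the account must be allowed to enroll for the EnrollmentAgent template.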
NOTE: You will use the following interface to manage your smart card certificates: