The EAM solution allows you to delegate smart card management to the users, so that you do not have to manage smart cards from the EAM console. This is the smart card self-enrollment feature. When a user tries to authenticate with a smart card for which he/she knows the PIN, but which is not yet assigned, User Access asks for the user's login/password and assigns the card. This assignment does not appear in the console. If needed, the user can register several identities on the same card. This mode is configured in the XML configuration file.
NOTE: Users who may start the EAM console using a smart card cannot use this mode.
For more information on the smart card self-enrollment procedure, see Authentication Manager for Windows User's Guide.
Before assigning a smart card, you must be sure that it is not yet formatted. If it is already assigned to a user, this means that it contains data customized according to the directory where the user is registered. In this case, the smart card must be formatted.
For more information on the smart card formatting procedure, see Section Formatting smart cards.
| Task to perform | In classic administration mode, you must have: | In advanced administration mode, you must have: |
| --- | --- | --- |
| Assigning a loan card | "Smart card administrator" and at least "Security object administrator" or "access" or "rights" | "Token configuration: Lending" and "Directory: Browsing" |
| Returning a loan card | "Smart card administrator" and at least "Security object administrator" or "access" or "rights" | "Token configuration: Lending" and "Directory: Browsing" |
When a user has forgotten or lost his/her smart card, or when the smart card has been stolen, you can assign him/her a loan card. In this case, the user's principal card is deactivated: a user can only have one active card at a time.
NOTE:
Procedure
© 2021 One Identity LLC. ALL RIGHTS RESERVED.