How to set up smart card authentication

Smart card log in is a certificate-based log in. The certificate is supplied by the smart card and used by Privileged Access Service to authenticate users. To use smart card authentication with Privileged Access Service, your users must already be configured for smart card log in.

To set up smart card authentication

  1. Log in to the Admin Portal.
  2. Click Access > Policies.
  3. Select the relevant policy or create a new one.
  4. Click Authentication Policies > Centrify Services.
  5. Confirm that "Use certificates for authentication" (in the Other Settings section) is enabled (default).

    You must have this option enabled to use smart card authentication. This option allows Privileged Access Service to use the smart card generated certificate to authenticate users to the cloud.

  6. (Optional) Enable the "Set identity cookie for connections using certificate authentication" option only if you have a hybrid system where users are logging in using smart cards and another authentication method.

    Enabling this option will allow the Privileged Access Service to write cookies in the browser after a successful log-in. Privileged Access Service will then check the browser for this cookie upon subsequent log ins and take action based on any identity cookie authentication rules you have configured. See Creating authentication rules.

  7. For more information on managing certificate authorities, see Managing Certificate Authorities