If you have a smart card authentication system enabled in your environment, you can configure AD360 to authenticate users through it, bypassing other first factor authentication methods.
This feature provides an additional authentication option for AD360 login by enabling the use of smart cards, PKI, or certificates to grant access to the tool. Smart card authentication strengthens security further because access to AD360 then requires the user to both possess the smart card and know its personal identification number (PIN).
When a user attempts to access AD360's web interface, they are allowed to proceed only after completing smart card authentication on the machine, i.e., by presenting the smart card and then entering the PIN. AD360's web interface supplements smart card technology with SSL communication, so the user is prompted to specify the X.509 certificate to get access.
Users can choose to provide the certificate from the smart card or the local certificate store, in which case AD360 performs the steps to authenticate the user with the certificate. Users can also decline to provide a certificate, in which case the tool takes them to the usual login page for authentication.
Connect to http://CertificateAuthorityServerName/certsrv/ to download the CA root certificate.
AD360 provides the flexibility to specify any attribute of the smart card certificate that you feel uniquely identifies the user in your environment. You may choose any attribute among SAN.OtherName, SAN.RFC822Name, SAN.DirName, SAN.DNSName, SAN.URI, email, distinguishedName and CommonName. If any other attribute is used to uniquely identify the user in your environment, contact AD360 support to add that attribute.
Here you need to specify the particular LDAP attribute that uniquely identifies the user in the AD360 user store, e.g., sAMAccountName.
During authentication, AD360 reads the value corresponding to the certificate attribute that you specified in Mapping Attribute in Certificate and compares it with the specified LDAP attribute in Mapping Attribute in AD.
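The mapping comparison described above, sketched as an added example (not AD360's own code) to show why both attributes must be unique per user. It assumes the certificate has already been parsed into a dict; the function names, the dict layout, the case-insensitive comparison and all sample data are constructed for illustration.

```python
# Added illustration, not AD360 code. Certificates are assumed to be parsed
# already into a dict; the layout and all sample data below are constructed.
CERT_ATTRS = {"SAN.OtherName", "SAN.RFC822Name", "SAN.DirName", "SAN.DNSName",
              "SAN.URI", "email", "distinguishedName", "CommonName"}

def cert_values(cert, attr):
    """Return every value the certificate carries for the configured attribute."""
    if attr not in CERT_ATTRS:
        raise ValueError(f"unsupported certificate attribute: {attr}")
    if attr.startswith("SAN."):
        # SAN entries are (type, value) pairs; a certificate may hold several.
        return [v for t, v in cert.get("san", []) if t == attr[4:]]
    value = cert.get(attr)
    return [value] if value else []

def map_user(cert, cert_attr, ldap_attr, directory):
    """Return the single directory entry the certificate maps to, else None."""
    # Assumption: values are compared case-insensitively after trimming.
    values = {v.strip().lower() for v in cert_values(cert, cert_attr) if v.strip()}
    if len(values) != 1:
        return None  # attribute absent, or several distinct values: no identity
    wanted = values.pop()
    hits = [u for u in directory
            if u.get(ldap_attr, "").strip().lower() == wanted]
    return hits[0] if len(hits) == 1 else None  # refuse ambiguous matches

# Constructed sample certificate fields and directory entries.
CERT = {
    "CommonName": "John Doe",
    "san": [("OtherName", "jdoe@corp.example"),
            ("RFC822Name", "helpdesk@corp.example")],
}
DIRECTORY = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "JDoe@corp.example",
     "mail": "helpdesk@corp.example"},
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@corp.example",
     "mail": "helpdesk@corp.example"},
]

if __name__ == "__main__":
    # Unique pairing: the certificate resolves to exactly one account.
    print(map_user(CERT, "SAN.OtherName", "userPrincipalName", DIRECTORY))
    # Shared mailbox address: two accounts match, so the login is refused.
    print(map_user(CERT, "SAN.RFC822Name", "mail", DIRECTORY))
```

In the sample data, pairing SAN.RFC822Name with `mail` fails because two accounts share one address, which is the situation the uniqueness requirement guards against.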
During authentication, AD360 checks for certificate revocation status against an Online Certificate Status Protocol (OCSP) server, with details available in the certificate. If the certificate does not have the OCSP information, the information provided in the settings here will be used.
After you have added a smart card for authentication, you can perform any of the following functions:
To add a new smart card, follow the steps given below:
To edit a configured smart card, follow the steps given below: