Smart Card Authentication

ADSelfService Plus supports smart card authentication, enabling users to securely access the self-service portal without having to enter a password. 

ADSelfService Plus authenticates users by comparing the certificate file on their machine with the one in AD. The authenticated users will then be automatically logged in to the ADSelfService Plus web console.

Prerequisite

Follow these steps 

  1. Log in to the ADSelfService Plus web console with admin credentials.
  2. Navigate to Admin → Customize → Logon Settings.
  3. Click the Smart Card Authentication tab.
  4. Smart Card Authentication

  5. In the Import CA Root Certification field, click Browse to import the required root certification file (X.509 certificate). (Refer step 2 of Prerequisites)
  6. In the Mapping Attribute in Certificate field, select a unique attribute in the certificate for mapping.
    • Ensure that a unique attribute from the certificate is mapped to a unique attribute in AD. Both attributes must have the same values.
    • ADSelfService Plus provides the ability to select any attribute of the smart card certificate that uniquely identifies a user. You can choose SAN.OtherName, SAN.RFC822Name, SAN.DirName, SAN.DNSName, SAN.URI, email, distinguishedName, or CommonName. In case other attributes are used to uniquely identify the user in your environment, enter the attribute name in the text box provided and click the + icon.

    Smart Card Authentication

  7. In the Mapping Attribute in AD field, specify the LDAP attribute that should be matched with the specified certificate attribute.

    • Here you need to specify the particular LDAP attribute that uniquely identifies the user in AD (e.g. sAMAccountName).
    • During authentication, ADSelfService Plus reads the value corresponding to the certificate attribute that you specified in the certificate's mapping attribute, and compares it with the specified mapping attribute in AD.
  8. In the Linked Domains, select the  domains  you want to enable smart card authentication for from the drop-down.
  9. Click Save
  10. Restart ADSelfService Plus for the changes to take effect.

Managing smart card authentication configurations

After you have added a smart card for authentication, you can perform any of the following functions:

Adding a new smart card
Editing a configured smart card
Enabling/Disabling a configured smart card
Delete a configured smart card

Thanks!

Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.

 

Need technical assistance?

  • Enter your email ID
  • Talk to experts
  •  
     
  •  
  • By clicking 'Talk to experts' you agree to processing of personal data according to the Privacy Policy.

Don't see what you're looking for?

  •  

    Visit our community

    Post your questions in the forum.

     
  •  

    Request additional resources

    Send us your requirements.

     
  •  

    Need implementation assistance?

    Try onboarding

     

Copyright © 2024, ZOHO Corp. All Rights Reserved.