Smart Card Authentication
ADSelfService Plus supports smart card authentication, enabling users to securely access the self-service portal without having to enter a password.
ADSelfService Plus authenticates users by comparing the certificate file on their machine with the one in AD. The authenticated users will then be automatically logged in to the ADSelfService Plus web console.
Prerequisite
Follow these steps
- Log in to the ADSelfService Plus web console with admin credentials.
- Navigate to Admin → Customize → Logon Settings.
- Click the Smart Card Authentication tab.
- In the Import CA Root Certification field, click Browse to import the required root certification file (X.509 certificate). (Refer to step 2 of Prerequisites.)
- In the Mapping Attribute in Certificate field, select a unique attribute in the certificate for mapping.
  - Ensure that a unique attribute from the certificate is mapped to a unique attribute in AD. Both attributes must have the same values.
  - ADSelfService Plus lets you select any attribute of the smart card certificate that uniquely identifies a user. You can choose SAN.OtherName, SAN.RFC822Name, SAN.DirName, SAN.DNSName, SAN.URI, email, distinguishedName, or CommonName. If other attributes are used to uniquely identify the user in your environment, enter the attribute name in the text box provided and click the + icon.
- In the Mapping Attribute in AD field, specify the LDAP attribute that should be matched with the specified certificate attribute.
  - Specify the LDAP attribute that uniquely identifies the user in AD (e.g., sAMAccountName).
  - During authentication, ADSelfService Plus reads the value of the attribute selected in the Mapping Attribute in Certificate field from the certificate and compares it with the value of the specified mapping attribute in AD.
- In the Linked Domains drop-down, select the domains for which you want to enable smart card authentication.
- Click Save.
- Restart ADSelfService Plus for the changes to take effect.
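A pre-deployment check for the attribute mapping described in the steps above, as an added example that is not ManageEngine's code: it reports which certificate values resolve to exactly one AD account, which resolve to none, and which are ambiguous. The sample records, the function names and the case-insensitive comparison are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample data (not from a real directory): AD users exported as
# dicts of LDAP attributes, and the mapping value read from each certificate.
AD_USERS = [
    {"sAMAccountName": "jdoe", "mail": "john.doe@example.test"},
    {"sAMAccountName": "asmith", "mail": "shared.mailbox@example.test"},
    {"sAMAccountName": "bwong", "mail": "shared.mailbox@example.test"},
    {"sAMAccountName": "clee", "mail": ""},
]
CERT_VALUES = {  # constructed: card label -> SAN.RFC822Name value
    "card-001": "John.Doe@example.test",
    "card-002": "shared.mailbox@example.test",
    "card-003": "nobody@example.test",
}


def norm(value):
    # Assumption of this example: compare case-insensitively, ignore padding.
    return (value or "").strip().casefold()


def index_ad(users, ldap_attr):
    """Group account names by the normalized value of the AD mapping attribute."""
    index = defaultdict(list)
    for user in users:
        key = norm(user.get(ldap_attr))
        if key:  # empty values can never match a certificate
            index[key].append(user["sAMAccountName"])
    return index


def audit_mapping(users, ldap_attr, cert_values):
    """Classify each certificate value as ok, unmatched or ambiguous."""
    index = index_ad(users, ldap_attr)
    report = {}
    for label, value in cert_values.items():
        accounts = index.get(norm(value), [])
        status = "ok" if len(accounts) == 1 else "ambiguous" if accounts else "unmatched"
        report[label] = (status, accounts)
    return report


def accounts_without_value(users, ldap_attr):
    """Accounts whose AD mapping attribute is empty and so cannot be matched."""
    return [u["sAMAccountName"] for u in users if not norm(u.get(ldap_attr))]


if __name__ == "__main__":
    for label, result in audit_mapping(AD_USERS, "mail", CERT_VALUES).items():
        print(label, *result)
```

An "ambiguous" result means the chosen AD attribute is not unique for that value, so a different attribute pair should be selected before saving the configuration.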
Managing smart card authentication configurations
After you have added a smart card for authentication, you can perform any of the following functions:
- Add a new smart card configuration
- Edit a configured smart card
- Enable or disable a smart card
- Delete a configured smart card
Adding a new smart card
- Navigate to Admin → Customize → Logon Settings → Smart Card Authentication.
- Click the Add a New Smartcard button in the top-right corner.
- Enter all the required details and click Save.
Editing a configured smart card
- Navigate to Admin → Customize → Logon Settings → Smart Card Authentication.
- Click the pencil icon corresponding to the smart card whose configuration you wish to edit.
- Modify the settings you wish to change.
- Click Save.
Enabling/Disabling a configured smart card
- Navigate to Admin → Customize → Logon Settings → Smart Card Authentication.
- To enable or disable a configured smart card, click the red icon or the green check icon in the action column of that smart card.
Delete a configured smart card
- Navigate to Admin → Customize → Logon Settings → Smart Card Authentication.
- Click the delete icon on the smart card that you wish to delete.
- Click Yes to confirm the deletion.