Smart card authentication
This feature provides an additional authentication option for RecoveryManager Plus login by enabling the use of smart cards, PKI, or certificates to grant access to the tool.
Follow the steps listed below to configure smart card authentication settings.
Prerequisites: SSL port must be enabled to configure smart card authentication settings. To learn how to enable SSL, click here.
- Click the Delegation tab.
- In the left-pane, select Help Desk Delegation → Logon Settings.
- Click Add New Smart Card button.
- In the Import CA Root Certificate field, click Browse and import the required Certification Authority root certificate file from your computer. If you do not have the CA root certificate, navigate to http://<CertificateAuthorityServerName>/certsrv/ in your browser to download CA root certificate, where <CertificateAuthorityServerName> is the domain of your CA.
- RecoveryManager Plus provides the flexibility to specify any attribute of the smart card certificate that you feel uniquely identifies the user in your environment. You may choose any attribute among SAN.OtherName, SAN.RFC822Name, SAN.DirName, SAN.DNSName, SAN.URI, email, distinguishedName and CommonName, or you can add any attribute of your choice. In the Certificate Mapping Attribute field, specify the certificate attribute for mapping from the available attributes or add a new one by entering the attribute in the text field at the bottom and click the icon.
- In the Mapping Attribute in AD field, specify the LDAP attribute that should be matched with the specified certificate attribute. Specify any LDAP attribute that uniquely identifies the user in Active Directory, e.g., sAMAccountName.
- In the Linked Domains field, select the appropriate domains from the drop-down menu.
- Click Save.
- Restart RecoveryManager Plus for the changes to take effect.