Smart card authentication

    This feature provides an additional authentication option for ADManager Plus login by enabling the use of smart cards/PKI/certificates to grant access to the tool. Smart card authentication further strengthens security because access to ADManager Plus then requires the user to both possess the smart card and know its personal identification number (PIN).

    When a user attempts to access the ADManager Plus web interface, they are allowed to proceed only after completing smart card authentication on the machine, i.e., by presenting the smart card and then entering the PIN. The ADManager Plus web interface supplements smart card technology with SSL communication, so the user is prompted to specify the X.509 certificate to gain access.

    Users can choose to provide the certificate from the smart card or from the local certificate store, in which case ADManager Plus performs the steps to authenticate the user with the certificate. Users can also decline to provide a certificate, in which case the tool takes them to the usual login page for authentication.

    If you have a smart card authentication system enabled in your environment, you can configure ADManager Plus to authenticate users through it, bypassing other first factor authentication methods.

    Steps to configure smart card authentication settings

    1. Click the Delegation tab.
    2. The SSL port must be enabled before smart card authentication settings can be configured. To check your SSL port settings, click the Connection link under General Settings. If the port is not already enabled, select the Enable SSL Port [https] check box and specify the port number in the field. Click Save Changes.
    3. Click the Smart Card Authentication link under Logon Settings.
    4. Click the Smart Card Configuration button.
    5. To enable the SSL port from the Smart Card Authentication tab, click Enable SSL Port.
    6. Under the Smart Card Configuration section:
      • In Import CS Root Certification, click Browse and import the required Certification Authority (CA) root certificate file from your computer.
      • Connect to http://CertificateAuthorityServerName/certsrv/ to download the CA root certificate.
      • In Mapping Attribute in Certificate, specify the certificate attribute for mapping.
      • The user details need to be mapped between the smart card certificate and the ADManager Plus user database. That is, the attribute in the smart card certificate that uniquely identifies the user should match the corresponding value in the ADManager Plus user database. This mapping involves specifying which attribute in the certificate should be compared with which attribute in the ADManager Plus user store.
      • ADManager Plus provides the flexibility to specify any attribute of the smart card certificate that you feel uniquely identifies the user in your environment. You may choose any attribute among SAN.OtherName, SAN.RFC822Name, SAN.DirName, SAN.DNSName, SAN.URI, email, distinguishedName and CommonName. If your environment uses any other attribute to uniquely identify the user, contact ADManager Plus support to add that attribute.
      • In Mapping Attribute in AD, specify the LDAP attribute that should be matched with the specified certificate attribute.
      • Here you need to specify the particular LDAP attribute that uniquely identifies the user in the ADManager Plus user store, e.g., sAMAccountName.
      • During authentication, ADManager Plus reads the value corresponding to the certificate attribute that you specified in Mapping Attribute in Certificate and compares it with the specified LDAP attribute in Mapping Attribute in AD.
      • In Linked Domains, select the appropriate domains from the drop-down menu.
    7. Click Save.
    8. Similarly, you can add more certificates by following the steps above.
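
    The certificate-to-AD attribute mapping from step 6, as an added example (not ADManager Plus code): it resolves a user only when exactly one directory entry matches, and lists attribute values shared by several users so a non-unique choice such as CommonName can be spotted before it is configured. The certificate fields, directory entries, function names and the case-insensitive comparison are assumptions constructed for illustration.

```python
# Added illustration, not ADManager Plus code. All data below is constructed.

# Fields as they might look after parsing the presented X.509 certificate.
CERT = {
    "CommonName": "John Smith",
    "SAN.RFC822Name": "John.Smith@example.com",
}

# Constructed entries standing in for the AD user store.
DIRECTORY = [
    {"sAMAccountName": "jsmith", "cn": "John Smith", "mail": "john.smith@example.com"},
    {"sAMAccountName": "jsmith2", "cn": "John Smith", "mail": "john.smith2@example.com"},
    {"sAMAccountName": "adavis", "cn": "Ann Davis", "mail": "ann.davis@example.com"},
]


def _norm(value):
    """Normalize a value for comparison (assumption: case-insensitive match)."""
    return str(value or "").strip().casefold()


def resolve_user(cert, cert_attr, ldap_attr, directory):
    """Return the sAMAccountName of the one entry whose ldap_attr equals the
    certificate's cert_attr; return None (fail closed) in every other case."""
    wanted = _norm(cert.get(cert_attr))
    if not wanted:
        return None  # certificate does not carry the mapping attribute
    matches = [e for e in directory if _norm(e.get(ldap_attr)) == wanted]
    if len(matches) != 1:
        return None  # no match, or the attribute does not identify one user
    return matches[0]["sAMAccountName"]


def duplicate_values(ldap_attr, directory):
    """Return {value: [accounts]} for ldap_attr values shared by several users."""
    seen = {}
    for entry in directory:
        value = _norm(entry.get(ldap_attr))
        if value:
            seen.setdefault(value, []).append(entry["sAMAccountName"])
    return {v: users for v, users in seen.items() if len(users) > 1}


if __name__ == "__main__":
    print(resolve_user(CERT, "SAN.RFC822Name", "mail", DIRECTORY))
    print(resolve_user(CERT, "CommonName", "cn", DIRECTORY))
    print(duplicate_values("cn", DIRECTORY))
```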
