Set up smart card authentication

Smart card log in is a certificate-based log in. The certificate is supplied by the smart card and used by CyberArk Identity to authenticate users. To use smart cart authentication with CyberArk Identity, your users must already be configured for smart card log in.

If you need to set up derived credentials for secure mobile access to applications, websites and services that require smart card authentication, see CyberArk-issued derived credentials. See Enroll a device for enabling smart card users to enroll their devices.

To set up smart card authentication

  1. Log in to the Identity Administration portal.
  2. Click Core Services > Policies and select the relevant policy or create a new one.
  3. Click Authentication Polices > CyberArk Identity.
  4. Confirm Use certificates for authentication (in the Other Settings section) is enabled (default).

    You must have this option enabled to use smart card authentication. This option allows CyberArk Identity to use the smart card generated certificate to authenticate users to the cloud.

  5. (Optional) Enable the Set identity cookie for connections using certificate authentication option only if you have a hybrid system where users are logging in using smart cards and another authentication method.

    Enabling this option allows CyberArk Identity to write cookies in the browser after a successful log-in. CyberArk Identity then checks the browser for this cookie upon subsequent log ins and takes action based on any identity cookie authentication rules you have configured. See Create authentication rules.

  6. Click Settings > Authentication > Security Settings then select Enable smart card authentication on login screen, and click Save.

For more information on managing certificate authorities, see Manage Certificate Authorities