4.10 PKI

NOTE: To use the PKI method for authentication, you must install the Advanced Authentication Device Service. For more information on Device Service, see the Advanced Authentication - Device Service guide.

To enroll a PKI authenticator, perform the following steps:

  1. Insert a card or plug a crypto stick into your machine.

  2. Enter a PIN code.

IMPORTANT: The PKI method supports the 1:N feature. Advanced Authentication detects the user name automatically. You can authenticate by pressing CTRL+ALT+DEL and then plugging in your PKI device.

While authenticating with the PKI method, some error messages might be displayed:

  • If you get the error Wrong card, the authenticator that is used is incorrect. Repeat with another card or crypto stick, re-enroll the authenticator in the Self-Service Portal, or contact the helpdesk.

  • If you get the error Present card, ensure that the PKI device is properly connected. Try to connect it to a different USB slot.

  • If you get the error <Your user name> has no authenticator for PKI, you need to enroll the authenticator in the Self-Service Portal or contact the helpdesk.

  • If you get the error No template for Card, either the card is not enrolled or you are trying to log in with a non-cached authenticator in offline mode.

NOTE: If you leave a card on the reader or a crypto stick connected after you log in, the operating system can be locked automatically when you take the card off the reader or unplug your crypto stick (if the system administrator has configured this). You can then place the card back on the reader or plug in your crypto stick to unlock the operating system.

You must place the card on the reader again to unlock the operating system. Advanced Authentication does not support locking or unlocking an operating system by tapping a card.