3.4 Device Authentication

You can enroll and authenticate with the Device Authentication method using a virtual smart card generated by the Windows TPM. The virtual smart card is essentially a smart card that is always inserted in the computer. Device Authentication supports authentication to Windows workstations and uses the information available in the virtual smart card to authenticate users.

3.4.1 Enrolling Device Authentication Authenticator

  1. Click the Device Authentication icon in Add Authenticator.

  2. (Optional) Specify a comment in Comment.

  3. (Optional) Select the preferred category from Category.

  4. Select the valid certificate from Key.

    If the Windows TPM smart card is generated in the workstation, the certificate type and expiry date of the certificate are populated in Key automatically.

  5. (Conditional) To generate a key pair, select Generate a key pair from Key and specify a PIN.

  6. Click Save.

    The following message is displayed: Authenticator "Device Authentication" has been added.

3.4.2 Testing Device Authentication Authenticator

  1. Click the Device Authentication icon in Enrolled methods.

  2. Click Test.

  3. Specify the PIN.

    If the test is successful, the following message is displayed: Authenticator "Device Authentication" passed the test. If the specified PIN is invalid, the following message is displayed: Incorrect PIN.