9.6 Card

The Card authentication happens in the following cases:

  • When a contactless card is placed on a card reader.

  • When a Near Field Communication (NFC) tag is placed near a smartphone which supports NFC.

NOTE:The authentication using the NFC tag works only on the NFC supported Android smartphones.

NOTE:Advanced Authentication supports NFC tag for authenticating to OAuth 2.0/ OpenID Connect, SAML 2.0 events, and Advanced Authentication portals. The user must have the Android smartphone that supports NFC and the Google Chrome browser to enroll and authenticate using this method.

Advanced Authentication supports the Microsoft policy Interactive logon: Smart card removal behavior that allows you to specify an action on the card event. You can configure the policy to perform a force log off or lock a user session when a user places a card on the reader. Only Microsoft Windows supports this policy.

By default, the Enable Tap&Go option is disabled. When this option is disabled, a card must be placed on the reader when a user logs in. When the user removes the card from the reader, the Windows Client runs an action that is specified in the Interactive logon: Smart card removal behavior policy. When you set this option to ON, users can tap a card to perform the following actions (depending on the Interactive logon: Smart card removal behavior policy) without keeping their cards on the reader:

  • To log in

  • To lock a session

  • To log off

NOTE:The policy is supported for Microsoft Windows only and it is not supported for the PKI authenticators.

When you enable Single-sign on (SSO) for Remote Desktop, the Interactive logon: Smart card removal behavior policy is ignored. You need to disable SSO to make it working.