11.2 Card

The Card method enables you to authenticate using a contactless smart card (identified by its Card Serial Number). When you try to authenticate on any device, the recorded serial number of the card is compared with the serial number of the card you present. If the card serial numbers are identical, you are authenticated successfully.

NOTE: To use the Card method for authentication, you must install the Advanced Authentication Device Service. For more information on Device Service, see the Advanced Authentication - Device Service guide.

To authenticate with the Card method, perform the following steps:

  1. Ensure that the card reader is connected to your machine.

  2. Tap your card on the reader or insert a smart card in the reader.

    If the Card Serial Number of the card matches that of the enrolled card, the card authentication is successful.

IMPORTANT: The Card method supports the 1:N feature, which means that Advanced Authentication automatically detects the user name. You can authenticate by pressing CTRL+ALT+DEL and then placing a card on the reader.

The following table describes the possible error messages along with the workaround for the Card authentication.

Table 11-1 Card authenticator - error messages

| Error | Possible Cause and Workaround |
|---|---|
| Wrong card | The card placed on the reader is incorrect. Try again with another card or re-enroll the authenticator in the Self-Service portal or contact your helpdesk administrator. |
| Connect reader | The reader is not connected properly. Try to connect it to a different USB slot and try again. |
| <Your user name> has no authenticator for Card | You have not enrolled the card method. You must enroll the authenticator in the Self-Service portal or contact your helpdesk administrator. |
| No template for Card | The card is not enrolled or you are trying to log in with the non-cached authenticator in the offline mode. |

IMPORTANT: An administrator can configure an automatic session lock or log off on card events. In such a scenario, you must perform one of the following:

  • When Tap&Go is disabled, you must place your card on the reader during login. After login you can remove the card from the reader to lock the operating system or log off automatically.

  • When Tap&Go is enabled, you must tap a card on the reader to log in and to lock, unlock, or log off.

11.2.1 In-Line Enrollment

You can enroll the Card and Password authentication methods using the VDA agent and associate the enrolled methods to your account without logging in to the Self-Service portal. However, the enrolled methods are listed under the Enrolled Authenticators section of the Self-Service portal. The VDA agent supports in-line enrollment for the Card and Password methods when the methods are in the same chain.

To enroll the Card and Password methods using the VDA agent, perform the following steps:

  1. In the command prompt, run one of the following commands as per your requirement:

    • To launch the VDA Profiles List window:

      cd C:\Program Files\NetIQ\Virtual Desktop Authentication

      AAA.VDA.Shell.exe /showProfiles

    • To launch the default VDA profile:

      AAA.VDA.Shell.exe

  2. (Conditional) If you have launched VDA Profiles List, select the preferred profile from the list.

    The VDA Authentication window appears.

  3. Tap the card on the card reader.

    The message "The card is not found. Do you want to enroll it?" is displayed.

  4. Click Yes to enroll the presented card.

  5. Specify your user name and click Next.

  6. Specify the LDAP password and click Next.

    The message "Card is enrolled" is displayed. The presented card is enrolled for your account.

  7. Specify the password, confirm it, and then click Next.

    The message "The Password is not found. Do you want to enroll it?" is displayed.

  8. Click Yes to enroll the specified password.

    The message "Password is enrolled" is displayed. The Password method is enrolled for your account.