3.4 Device Authentication

Device Authentication method enables you to authenticate using a valid certificate or a key pair and a PIN. During enrollment, a key pair is generated and is secured with the PIN. When you try to authenticate on any device, the certificate or key pair is validated along with PIN. If the specified PIN matches with enrolled PIN, you are authenticated successfully.

NOTE:Ensure to enroll the Device Authentication method using the workstation where you would perform further authentication. Enrollment on one machine and authentication on another machine is not supported.

3.4.1 Enrolling Device Authentication Authenticator

  1. Click Add icon in Your Enrolled Single Methods for sign in on the Authentication Methods page.

  2. Click the Device Authentication icon in Available Methods for Enrollment.

  3. (Optional) Specify the Display Name.

  4. Select the valid certificate from Key.

    If the Windows TPM smart card is generated in the workstation, the certificate type and expiry date of certificate is populated in Key automatically.

  5. (Conditional) To generate key pair, select Generate a key pair from Key and specify PIN.

  6. Click Save.

    A message The "Device Authentication" authenticator has been saved is displayed.

3.4.2 Testing Device Authentication Authenticator

  1. Click the Device Authentication icon in Your Enrolled Single Methods for sign in.

  2. Click Test Method.

  3. Specify the PIN.

    If the test is successful, a message Test Successful is displayed. If the specified PIN is invalid, a message Incorrect PIN is displayed.