8.0 Managing Smart Card Integration

Network authentication is the verification of a user's login credentials before granting access to a network or operating system. Users typically authenticate to a network using one of the following methods:

  • Password

  • Biometric device (fingerprint or iris scan)

  • Smart card and PIN

  • Token

When a user authenticates successfully and the operating system loads, SecureLogin starts and manages the login credentials to the user's single sign-on-enabled applications.

If you want to enforce biometric, smart card, or token authentication at the application (or transaction) level, AAVerify can be used with SecureLogin to prompt the user to re-authenticate before SecureLogin retrieves their credentials and logs in to single sign-on-enabled applications.

You can also integrate network authentication methods such as ActivIdentity’s SCPL with SecureLogin to manage users’ Windows login credentials (user name, password, and network selection). SCPL provides secure and convenient network login by allowing a user to simply insert the smart card and enter the PIN to gain network access. After the user enters his or her PIN, SCPL retrieves the user's Windows user name and password from the smart card and automatically enters them into the Windows Graphical Identification and Authorization (GINA)/Credential Provider interface.

Whether to use a smart card with SecureLogin depends on the enterprise's preference: users can use a smart card to log on and store their single sign-on data, or to encrypt their directory data using a Public Key Infrastructure (PKI).

The secondary store entry under HKLM/Protocom/SecureLogin/Security is deleted when the installer is modified to remove smart card support. To continue working with SecureLogin, you must manually add the entry and set the value to File.

If you are using smart card authentication for the Citrix login prompt, enter the smart card PIN manually, because the PIN is not cached for the Citrix server authentication.

This section provides information on the following: