Users can log in to their macOS devices with a smart card, which adds privacy and security. Hexnode MDM lets you configure Smart Card Authentication for macOS devices. This functionality is supported on devices running macOS 10.12.4 and above.
Configure Smart Card Authentication
- Log in to your Hexnode MDM portal.
- Go to Policies > New Policy. Assign a suitable name and description (optional) for the policy. Alternatively, you can choose to continue with an existing policy.
- From macOS > Security, choose Smart Card Authentication. Click Configure.
The following options can be configured.
|Setting|Description|
|---|---|
|Show user pairing dialog|Check this option to let the user receive the pairing dialog. If disabled, the user won't get the pairing dialog. However, the existing pairings will continue to work.|
|Unlock via Smart Card|Check this option to use the smart card for login, authorization and screensaver unlocking. If disabled, users won't be able to use the smart card for these purposes, but it can still be used for web access and signing emails. The device must be restarted for the change in settings to take effect.|
|Verify Certificate Trust|This option is used to determine the credibility of the certificate. A certificate is determined as valid only if the following conditions are met. You can select any of the four available options here. By default, the certificate trust is turned off.|
|Allow one smart card per user|Check this option to allow the user to pair with only one smart card. However, the existing pairings will still be allowed.|
|Enable Screensaver on Smart Card removal|Check this option to enable the screensaver on the Mac if the smart card has been removed.|
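To review what a policy like this delivers to a Mac, the added example below (not Hexnode's code) parses a configuration profile and flags weak smart card settings. It assumes the policy arrives as Apple's `com.apple.security.smartcard` payload and that the options above map to the keys shown; the sample profile and the baseline are constructed for illustration.

```python
import plistlib

# Constructed sample profile (not exported from Hexnode): certificate trust is
# left unset and nothing happens when the card is removed.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array><dict>
  <key>PayloadType</key><string>com.apple.security.smartcard</string>
  <key>UserPairing</key><true/>
  <key>allowSmartCard</key><true/>
  <key>oneCardPerUser</key><false/>
  <key>tokenRemovalAction</key><integer>0</integer>
</dict></array>
</dict></plist>"""

# Illustrative baseline (an assumption; adapt it to your own policy).
# payload key -> (option label on this page, value assumed when the key is
# absent, acceptance test, finding text)
BASELINE = {
    "allowSmartCard": ("Unlock via Smart Card", True,
        lambda v: v is True, "smart card login and unlock are disabled"),
    "checkCertificateTrust": ("Verify Certificate Trust", 0,
        lambda v: v in (1, 2, 3), "certificate trust check is turned off"),
    "oneCardPerUser": ("Allow one smart card per user", False,
        lambda v: v is True, "a user can pair more than one smart card"),
    "tokenRemovalAction": ("Enable Screensaver on Smart Card removal", 0,
        lambda v: v == 1, "no screensaver when the smart card is removed"),
}

def audit_smartcard_profile(profile_bytes):
    """Return (key, label, effective value, finding) for each weak setting."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.security.smartcard"]
    if not payloads:
        raise ValueError("profile contains no smart card payload")
    findings = []
    for payload in payloads:
        for key, (label, default, accept, text) in BASELINE.items():
            value = payload.get(key, default)  # absent key -> assumed default
            if not accept(value):
                findings.append((key, label, value, text))
    return findings

if __name__ == "__main__":
    for key, label, value, text in audit_smartcard_profile(SAMPLE_PROFILE):
        print(f"[weak] {label} ({key}={value!r}): {text}")
```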
Associate the policy to target entity
If the policy has not been saved,
- Navigate to Policy Targets > +Add Devices.
- Choose the target devices and click Ok.
- Click Save.
Apart from devices, you can also associate the policy with device groups, users, user groups or domains from Policy Targets.
If the policy has been saved,
- From Policies, select the policy to be associated.
- Click the Manage drop-down and select Associate Targets.
- Choose the target devices and click Associate.