Users can use their smart cards to log in to their Macs. Smart card authentication requires users to possess their smart card and enter the smart card PIN to log in to their Mac devices, thus ensuring better security and privacy than a normal device password.
Authentication via smart card is more secure than a password because it requires both possession of the smart card and knowledge of the PIN, whereas with a password alone, the data becomes vulnerable if the password is compromised. Hexnode MDM enables you to configure smart card authentication settings for Macs. This functionality is supported on devices running macOS 10.12.4 and later.
Configure Smart Card Authentication
- Log in to your Hexnode MDM portal.
- Go to Policies > New Policy. Assign a suitable name and description (optional) for the policy. Alternatively, you can choose to continue with an existing policy.
- From macOS > Security, choose Smart Card Authentication. Click Configure.
The following options are available for configuration.
|Show user pairing dialog||Check this option to enable the user to receive the pairing dialog. If disabled, the user won’t get the pairing dialog. However, the existing pairings will continue to work.|
|Unlock via Smart Card||Check this option to use the smart card for login, authorization and screensaver unlocking. If disabled, the users won’t be able to use a smart card for the above-mentioned purposes, but it can still be used for web access and signing emails. The device must be restarted for the change in settings to take effect.|
|Verify Certificate Trust||This option is used to determine the credibility of the certificate. A certificate is determined as valid only if the following conditions are met. You can select among any of the four available options here. By default, the certificate trust is turned off.|
|Allow one smart card per user||Check this option to allow the user to pair with only one smart card. However, the existing pairings will still be allowed.|
|Enable Screensaver on Smart Card removal||Check this option to enable screensaver on Mac if the smart card has been removed.|
Associate the policy to target entity
If the policy has not been saved,
- Navigate to Policy Targets > +Add Devices.
- Choose the target devices and click Ok.
- Click Save.
Apart from devices, you can also associate the policies to device groups, users, user groups or domains from Policy Targets.
If the policy has been saved,
- From Policies, select the policy to be associated.
- Click the Manage drop-down and select Associate Targets.
- Choose the target devices and click Associate.
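Once the policy is associated, the settings that reach the Mac can be checked against a baseline. The following is an added example, not Hexnode's own code: it assumes the options in the table above are delivered as the keys of Apple's `com.apple.security.smartcard` payload, and that the settings dictionary has been exported as a plist. The sample plist and the baseline are constructed for illustration.

```python
import plistlib

# Constructed sample of the settings dictionary (illustrative values).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>UserPairing</key><true/>
  <key>allowSmartCard</key><true/>
  <key>checkCertificateTrust</key><integer>0</integer>
  <key>oneCardPerUser</key><true/>
</dict></plist>"""

# Hypothetical baseline. Each entry: payload key -> (portal option,
# acceptance test, description of the expected value).
BASELINE = {
    "allowSmartCard": ("Unlock via Smart Card",
                       lambda v: v is True, "true"),
    "checkCertificateTrust": ("Verify Certificate Trust",
                              lambda v: type(v) is int and 1 <= v <= 3,
                              "1, 2 or 3 (trust check on)"),
    "oneCardPerUser": ("Allow one smart card per user",
                       lambda v: v is True, "true"),
    "tokenRemovalAction": ("Enable Screensaver on Smart Card removal",
                           lambda v: type(v) is int and v == 1, "1"),
}


def audit(plist_bytes):
    """Return (key, portal option, problem) tuples for baseline deviations."""
    settings = plistlib.loads(plist_bytes)
    if not isinstance(settings, dict):
        raise ValueError("expected a plist dictionary")
    findings = []
    for key, (option, accept, expected) in BASELINE.items():
        if key not in settings:
            findings.append((key, option, "not set, expected " + expected))
        elif not accept(settings[key]):
            findings.append((key, option,
                             "is %r, expected %s" % (settings[key], expected)))
    return findings


if __name__ == "__main__":
    for key, option, problem in audit(SAMPLE):
        print("%s [%s]: %s" % (option, key, problem))
```

For the sample, the audit flags certificate trust left at its default of off and the missing screensaver-on-removal setting.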