That is not really one of the several other drawbacks of smart cards though. You add the userCertificate field to the user schema and they have their public key stored there. I am happy to answer any questions if you decide to go this route. You can do this in 2012 domains but with custom PowerShell scripts since the feature is not native. We used SSO and conditional access on domain-joined machines, so if the users are in the building they will not be asked to log in to their email or MFA since they already authenticated using MFA to their workstation.

For best smart card security you will need at least 2016 domain level as that has a feature to rotate the hashes. That’s usually set it and forget it on mobile devices these days.

But that’s not an issue since it is recommended to have longer passwords and no password changes. You won’t be able to use the smart cards for mobile device logins, so your 365 accounts will still need to have passwords. None of my users cared since it takes 2 seconds to enter a PIN. If you use RDS, users will be required to enter the PIN twice: once when they log in to the workstation and a second time when they launch the RDS application. In that case you will have to set up ADFS, but most applications support SSO these days so it’s not a big problem. You will lose LDAP if you have any applications that currently need it. We also use them as access into the building and for time clocks.

Employees like them because they are easy to use.

We needed IDs for all employees so the cards serve multiple purposes. We paid $28 per card per user and another $16 per device for the readers for the devices that didn’t have smart card readers. Their prices are upfront and they don’t make you jump through hoops to get the cards; you simply order them from their store. Their support section has step-by-step instructions available on how to configure the cards.