Smart Credentials allow users to authenticate to their IDaaS account and configured applications. IDaaS supports the following smart credentials:
Mobile smart credentials—The mobile smart credential identity resides on the user’s Mobile Smart Credential app on their mobile device. To use the mobile smart credential, users must install the smart credential on their mobile smart credential app.
Physical smart credentials—A hardware device that contains the smart credential identity, for example, a Yubico YubiKey. To use a physical smart credential, users must install Entrust Certificate Agent for Windows on their end device (Windows desktop).
Note: To use Yubico YubiKey, the YubiKey device must have firmware 5.4 or later.
On Identity as a Service, a smart credential can be used as follows:
As a smart card that allows users to log in to using a smart card (through Smart Login, applications, and networks (logical access).
As a strong authenticator that allows users to respond to push authentication challenges.
Before you can assign smart credential authenticators to your users, you must complete the following:
Step 1: Configure a certificate authority (CA). See one of the following:
Configure an Entrust managed PKI CA
Configure an Entrust PKIaaS CA
Step 2: Configure Smart Credential definitions
Optional: If you want your users to use their smart credential for Smart Login, see the section, Manage Smart Login.
Optional: Modify the smart credential authenticator settings
For more information on mobile smart credentials, see the Entrust Identity Enterprise Smart Credentials Guide. For information on installing Entrust Security Provider, see the Entrust Certificate Agent for Windows Administration Guide.
Topics in this section:
Modify smart credential settings
Configure smart credential definitions
Edit smart credential settings
Manage and revoke smart credential certificates