Use this checklist to help you set up Smart Login with Identity as a Service. Along with this Identity as a Service Administrator Help, you also need the following documentation to complete the Smart Login setup for Identity as a Service:

- Identity as a Service User Guide (online help)
- Identity as a Service Service Provider Guide (required for Service Provider administrators only)
- Entrust Identity Help (available in the Entrust Identity app)

| Step # | Task | Supporting Documentation and Notes | Completed |
|---|---|---|---|
| 1 | To use Smart Login, your Identity as a Service account must include a Smart Login entitlement. Note: Smart Login entitlements are assigned by your Service Provider administrator. | Service Provider Online Help | |
| 2 | Ensure that users have a smart credential authenticator. | Assign a smart credential to users (see Manage smart credentials). Note: Users can also add their own smart credential authenticator. See step 10. | |
| | Optional: Modify the Registration settings to automatically enroll a smart credential for new users. See Configure user registration. | | |
| | Users add their own smart credential authenticator. See the section, Add and activate a mobile smart credential in the Identity as a Service User Help. | | |
| 3 | Users activate their smart credential. | See the section, Add and activate a mobile smart credential in the Identity as a Service User Help. | |
| 4 | Configure a Certificate Authority. | See Manage Certificate Authorities. If you are using a Microsoft Certificate Authority, you must create and configure a Gateway and add a directory. If you are using an Entrust Managed PKI CA, creating a Gateway and adding a directory is optional. | |
| 5 | Set the default digital ID configurations in the PIV template. | | |
| 6 | Map a User Principal Name user attribute for Smart Login. | If you have synced user data with your directory (see Trigger on-demand synchronization), this is autopopulated. If you created your own custom smart credential definition, you must complete this step. See Map a User Principal Name attribute for Smart Login. | |
| 7 | Map a Security ID user attribute for Smart Login to Microsoft Windows. The Security ID is a value that uniquely identifies users in your Windows environment. | IDaaS smart credentials support encoding a Security ID value into certificates associated with a user's smart credentials. When using these smart credentials to perform Windows smart card login, this value in the certificate identifies the user in Windows. See Configure an on-premise Active directory. | |
| 8 | Configure the Domain Controller to allow Smart Login. | Install Microsoft Certificate Services, which allows smart card login to domain clients. | |
| 9 | Configure the Domain Controller to trust the Certificate Authority that issues the smart credential. | See Configure the Domain Controller to trust the issuing CA. Note: If the Identity as a Service Certificate Authority resides on the Domain Controller, then this step is not required. | |
| 10 | Admin tasks: Configure computer login with mobile smart credentials through Bluetooth for Windows | For iOS devices only | |
| | Configure the screen lock when smart credential is disconnected | | |
| 11 | Admin tasks: Configure computer login with mobile smart credentials through Bluetooth for Apple Macintosh | | |
| | Configure the screen to lock when a smart credential is disconnected | | |
| 12 | Admin task (optional): Configure Windows clients protected by another Smart Credential to do Smart Login. | Configure Windows clients protected by another Credential Provider | |
| 13 | Configure a resource rule to allow Smart Login | Create resource rules | |
| 14 | User tasks to configure Smart Login | Configure a smart credential for biometric authentication | |
| | Users add their own smart credential authenticator. See the section, Add and activate a mobile smart credential in the Identity as a Service User Help. | | |
| | Users activate their smart credential authenticator. See the section, Add and activate a mobile smart credential in the Identity as a Service User Help. | | |
| 15 | Test logging in with a smart credential authenticator (user experience) | Smart Login user experience | |