Manage smart credential authenticators

Smart Credentials allow users to authenticate to their IDaaS account and configured applications. IDaaS supports the following smart credentials:

• Mobile smart credentials—The mobile smart credential identity resides on the user’s Mobile Smart Credential app on their mobile device. To use the mobile smart credential, users must install the smart credential on their mobile smart credential app.
• Physical smart credentials—A hardware device that contains the smart credential identity, for example, a Yubico YubiKey. To use a physical smart credential, users must install Entrust Certificate Agent for Windows on their end device (Windows desktop).

note

To use Yubico YubiKey, the YubiKey device must have firmware 5.4 or later.

On Identity as a Service, a smart credential can be used as follows:

• As a smart card that allows users to log in to using a smart card (through Smart Login, applications, and networks (logical access).
• As a strong authenticator that allows users to respond to push authentication challenges.

Prerequisites

Before you can assign smart credential authenticators to your users, you must complete the following:

• Step 1: Configure a certificate authority (CA). See one of the following:
  • Configure an Entrust managed PKI CA
  • Configure a Microsoft CA
  • Configure an Entrust PKIaaS CA
• Step 2: Configure Smart Credential definitions.
• Optional: If you want your users to use their smart credential for Smart Login, see the section, Manage Smart Login.
• Optional: Modify the smart credential authenticator settings.

For more information on mobile smart credentials, see the Entrust Identity Enterprise Smart Credentials Guide. For information on installing Entrust Security Provider, see the Entrust Certificate Agent for Windows Administration Guide.

Topics in this section:

📄️Modify smart credential authenticator settings

Before you assign a smart credential to users, review the smart credential authenticators settings, and modify them as required. You can also make changes to the settings after you assign smarts credentials. Changes made are applied to all smart credentials assigned to users in your Identity as a Service account.

📄️Configure smart credential definitions

A smart credential has two types of digital IDs:

📄️Add a smart credential

You enroll smart credentials for users.

📄️Edit smart credential settings

After the smart credential has been enrolled, review the smart credential settings to confirm they are configured as required. Changes made to the smart credential settings are uploaded to the Identity on your smart credential application during activation.

📄️Manage and revoke Smart Credential certificates

Once you activate a mobile smart credential for a Certificate Authority, you can manage the certificates issued to the smart credential. See Manage Certificate Authorities for more information about creating and managing certificate authorities.

📄️Manage assigned smart credentials

After you add a mobile smart credential to a user, you can make the following changes:

📄️Clone a smart credential definition

You can create a copy of a smart credential definition.