Smart Login set up checklist
Use this checklist to help you set up Smart Login with Identity as a Service. Along with this Identity as a Service Administrator Help, you also need the following documentation to complete Smart Login set up for Identity as a Service:
- Identity as a Service User Guide (online help)
- Identity as a Service Service Provider Guide (required for Service Provider administrators only)
- Entrust Identity Help (available in the Entrust Identity app)
| Step # | Task | Supporting Documentation and Notes |
| 1 | To use Smart Login, your Identity as a Service account must include a Smart Login entitlement. Note: Smart Login entitlements are assigned by your Service Provider Administrator. | Service Provider Online Help |
| 2 | Ensure that users have a smart credential authenticator. | Assign a smart credential to users (see Manage smart credentials). Note: Users can also add their own smart credential authenticator. See step 10. |
Optional: Modify the Registration settings to automatically enroll a smart credential for new users. See Configure user registration. | ||
Users add their own smart credential authenticator. See the section, Add and activate a mobile smart credential in the Identity as a Service User Help. | ||
| 3 | Users activate their smart credential. | See the section, Add and activate a mobile smart credential in the Identity as a Service User Help. |
| 4 | Configure a Certificate Authority | See Manage Certificate Authorities.
|
| 5 | Set the default digital ID configurations in the PIV template. | |
| 6 | Map a User Principal Name user attribute for Smart Login. | If you have synced user data with your directory (see Trigger on-demand synchronization) , this is autopopulated. If you created your own custom smart credential definition, you must complete this step. See Map a User Principal Name attribute for Smart Login. |
| 7 | Map a Security ID user attribute for Smart Login to Microsoft Windows. The Security ID is a value that uniquely identifies users in your Windows environment. | IDaaS smart credentials support encoding a Security ID value into certificates associated with a user's smart credentials. When using these smart credentials to perform Windows smart card login, this value in the certificate identifies the user in Windows. See Configure an on-premise Active directory. |
| 8 | Configure the Domain Controller to allow Smart Login. | Install Microsoft Certificate Services allows smart card login to domain clients. |
| 9 | Configure the Domain Controller to trust the Certificate Authority that issues the smart credential. | See Configure the Domain Controller to trust the issuing CA. Note: If the Identity as a Service Certificate Authority resides on the Domain Controller, then this step is not required. |
| 10 | Admin tasks: Configure computer login with mobile smart credentials through Bluetooth for Windows | For iOS devices only |
Configure the screen lock when smart credential is disconnected | ||
| 11 | Admin tasks: Configure computer login with mobile smart credentials through Bluetooth for Apple Macintosh | |
Configure the screen to lock when a smart credential is disconnected | ||
| 12 | Admin task (optional): Configure Windows clients protected by another Smart Credential to do Smart Login. | Configure Windows clients protected by another Credential Provider |
| 13 | Configure a resource rule to allow Smart Login | |
| 14 | User tasks to configure Smart Login | Configure a smart credential for biometric authentication |
Users add their own smart credential authenticator. See the section, Add and activate a mobile smart credential in the Identity as a Service User Help. | ||
Users activate their smart credential authenticator. See the section, Add and activate a mobile smart credential in the Identity as a Service User Help. | ||
| 15 | Test logging in with a smart credential authenticator (user experience) | Smart Login user experience |