Is it possible to prevent users from using SSO if they have not logged on with their smart card?

  • 7940904
  • 19-Aug-2009
  • 17-Jan-2014

Environment

SecureLogin
SecureLogin SSO
v6.0.x and later
Microsoft Windows


Situation

Question

Is it possible to prevent users from using SSO if they have not logged on with their smart card?

Resolution

Answer

Yes. A number of options and preferences make it possible to load SSO only if the user logged on with their smart card.

SecureLogin is extremely powerful and customizable and no two organizations have the same environment and requirements.

Options to tie SSO to the smart card include:

  • Set the appropriate SecureLogin preferences, such as encrypting the user’s SSO credentials using PKI, not allowing access if the smart card is unavailable, and requiring that the smart card be present.
    See this knowledgebase article for more information.
  • Determine whether the user logged on with their smart card and, if not, do not load SSO (or allow access to only certain applications).
    See this knowledgebase article for more information.

If you completely tie SSO to the smart card, SSO will NOT be available without the smart card. Users can be issued a replacement card, and if you use PKI encryption of SSO credentials you may have to consider backing up the user’s private key.

Contact ActivIdentity Professional Services for best practice recommendations based on your environment and requirements.