Versions Compared

Old Version 7

changes.mady.by.user Mikhail Yakovlev

Saved on

compared with

New Version 8

changes.mady.by.user Mikhail Yakovlev

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Requirements

  • Windows Hello for Business has been deployed in the infrastructure.
  • The Enrolling WHfB in self-service option is enabled in the Common features section of the Indeed CM Setup Wizard.
  • The card type has been added to the system configuration Whfb.xml.
  • The user's workstation is equipped with the Trusted Platform Module 2.0.
  • The IndeedCM.WHfB.Middleware component is installed on the workstation.

When issuing the smart card in Self-Service, the user will be suggested to Enroll WHfB or select a connected hardware smart card.

Note
  • RSA 2048 certificates are supported.
  • Only one WHfB card can be created for a user on the computer.
  • The maximum number of WHfB cards per Windows 10 computer is 10.
  • Card initialization is not supported.

After clicking the Issue button, Indeed CM will open the PIN Settings window for Windows Hello:

Click Set up PIN, enter the credentials for basic and user authentication (using the Indeed CM MFA adapter), and click Submit.

Set up a PIN and click OK.

After successfully creating the PIN, Indeed CM will continue issuing the card:

  • Requests certificates based on templates added to the smart card usage policy.

  • Writes them down to the card.
  • Assign the card to the user.

The WHfB card can be used just like hardware smart cards on the user's workstation. For example, for authentication in a domain.