Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
This section defines the settings of actions using a smart card within the frame of smart card usage policy. The description of section parameters is given in the Table 4.
Table 4 – Settings of smart card actions.
Option | Description | Default value |
---|---|---|
Add card automatically | Add the smart card to the system (if it wasn’t added earlier) when issued or assigned to user. If the option is disabled, then it is prohibited to issue or assign the card that is connected to a computer but not added to the system. | Disabled |
Enable PIN reset | Enables the administrator to reset PIN codes of user smart cards. | Enabled |
Enable offline unlock | Makes it possible to unlock a user smart card with system administrator assistance when there is no connection between the user workstation and Indeed CM server. To unlock his or her smart card, the user must know answers to the security questions. Validation of answers to security questions for smart card unlocking can be disabled if necessary (Validate answers to security questions option). | Enabled |
Enable cancel of card updating | Allows the Indeed CM administrator or operator to cancel updating of the user smart card contents. | Enabled |
User can add card | This option allows to issue a card, not yet added to the system. The card will be added to the system automatically while issuing. The option is available only if the Add card automatically option is enabled. | Disabled |
User can assign card | This option allows to issue a card, not assigned to the user by the administrator. | Disabled |
User can revoke card | This option allows the user to revoke his or her smart card. | Enabled |
User can enable card | This option allows user to enable his or her smart card (if it was disabled earlier). | Enabled |
User can disable card | This option allows the user to disable his or her smart card (if it was enabled earlier). | Enabled |
User can clear card | This option allows the user to clear up the contents of his or her smart card when it is revoked by an operator with Card removal and Card update reasons. The smart card remains assigned to the user after clearing. | Disabled |
User can reset PIN | The user is allowed to reset PIN of his or her smart card. | Disabled |
User can update card | This option allows the user to update certificates on his or her card if they expired or expire shortly. | Enabled |
User can select optional certificates | If enabled, the user can select the certificates (from the optional ones) to be written to the smart card, while issuing it in the Self-Service application. If disabled, then the certificates marked as optional in the smart card issuing policy, would not be written to the card. | Disabled |
User can issue AirKey card | If enabled, the users can issue AirKey cards in Self-Service application on their own. AirKey card issuance is only possible if integration with с Indeed AirKey Enterprise is set up. | Disabled |
User must answer the security questions on first logon to self-service | If enabled, the user must define security questions and answers to those after logging into Self-Service application for the first time. These questions will be used for user authentication later. If disabled, then the form for security question setup is not displayed upon logging into Self-Service. A user can define the security questions later at any time. | Enabled |
User can change the answers to security question | If enabled, the users can change the answers to security questions after they define into Self-Service application.If enabled, the users are allowed to modify answers to user's secret questions after they are installed in Self-Service application. If the option is disabled, users will not be allowed to modify answers to secret questions after they are installed in Self-Service. Administrators and operators can reset answers to secret questions for later installation by users. | Disabled |
Enable certificate tracing | If enabled, the Indeed CM will search for certificates and corresponding private keys on the smart card. The Indeed CM can send corresponding email notifications when such certificates are about to expire. In the Management Console and in the Self-Service application, it is possible to print traced certificates using the standard certificate print template in the system. | Disabled |