Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Indeed Certificate Manager uses a mechanism to issue device policies to users. Each policy contains card operation parameters: a list of CAs and certificate templates, PIN installation requirements, a list of actions with the device available to the user, etc. Each policy has its own scope of action. For the Indeed CM user catalog in Active Directory this is:
- Domain
- Container
- Organizational Unit
All users located in the policy object will be issued devices with the parameters defined in the policy. The Policy can apply to the entire object (Domain, Container or Organizational Unit), or to specific groups of users within it. The user who falls under the scope of several device release policies (e.g., is a member of two groups located in the same OU) will be affected by the policy with the higher priority.
Before migrating data from SAM, you must create one or more smart cards usage policies in Indeed CM in advance (see see Adding and editing smart cards usage policies).
| Warning |
|---|
Such a policy must contain the same CAs and templates that were used to issue certificates in SAM. |
As a result of data migration from SAM, all users with tokens and certificates will be falls fall under to the previously created Indeed CM policies.