Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Requirements

  • Windows Hello for Business has been deployed in the infrastructure.
  • The Enrolling WHfB in self-serviceWindows Hello for Business (WHfB) option is enabled in the Common features section section of the Indeed CM Setup Axidian CertiFlow Configuration Wizard.
  • The card type has been added to the system configuration Whfb.xml.
  • The user's workstation is equipped with the Trusted Platform Module 2.0.
  • The IndeedCMThe AxidianCertiFlow.WHfB.Middleware component is installed on the workstation.

When issuing the smart card in Self-Service, the user will be suggested to Enroll WHfB or select a connected hardware smart card.

Note
  • RSA 2048 certificates are supported.
  • Only one WHfB card can be created for a user on the computer.
  • The maximum number of WHfB cards per Windows 10 computer is 10.
  • Card initialization is not supported.

Image RemovedImage Added

After clicking the Issue button, Indeed CM will Axidian CertiFlow will open the PIN Settings window for Windows Hello:

Image RemovedImage Added

Click Set up PIN, enter the credentials for basic and user authentication (using the Indeed CM Axidian CertiFlow MFA adapter), and click Submit.

Image RemovedImage Added

Set up a PIN and click OK.

Image RemovedImage RemovedImage AddedImage Added

After successfully creating the PIN, Indeed CM Axidian CertiFlow will continue issuing the card:

  • Certificates will be requested based on templates added to the smart card usage policy.

  • They will be written down on the card.
  • The card will be assigned to the user.

The WHfB card can be used just like hardware smart cards on the user's workstation. For example, for authentication in a domain.

Image RemovedImage Added