Before You Configure Smart Card Authentication
R81 Harmony Endpoint Server Administration Guide|243
What to do:
1. Plan your Smart Card environment.
   - Give a physical Smart Card to all users who will use a Smart Card.
   - Get a Smart Card certificate for each user who will use a Smart Card.
   - Learn which Smart Card driver and Reader driver are necessary for your Smart
     Card.
2. Deploy the Endpoint Security client, including Full Disk Encryption, on all endpoints. See
"Deploying Endpoint Security Clients" on page 102. Use Reporting reports to make sure
that Full Disk Encryption completes the deployment phase and the Full Disk Encryption
Status of each computer is Encrypted.
3. Open the Policy tab.
4. In a OneCheck User Settings rule, select one of the Authenticate users actions:
   a. Select Authenticate users with Password and manually configure the Smart Card
      users to use Smart Card authentication.
   b. Select Authenticate users using Smart Card or Password. For added security,
      you can manually configure each Smart Card user to use Smart Card
      authentication only.
5. Right-click the Authenticate users action and select Edit.
6. Select the drivers required for your Smart Card and the Smart Card protocol. All users
will receive these settings, including those who are configured to use Password
authentication.
7. In the OneCheck User Settings page for each Smart Card user, in the User Certificates
area, click Add to import a certificate.
8. Monitor the Smart Card deployment in the Pre-boot Reporting reports.
Note - You can put all Smart Card users in a virtual group so that it is easy to monitor
them and change their policies, if necessary.
Notes on Using Smart Cards
- Check Point does not supply Smart Card features to use with Windows. You can use
  third-party software, supplied by Windows or the Smart Card vendor.
- To use recovery media with a Smart Card-only user, when you create the recovery
  media, create a temporary user who can authenticate to it.