Views:
Common Access Card (CAC) authentication enables you to secure SMS client access by using two-factor authentication, which is more secure than the standard username and password authentication.
CAC authentication on the SMS Description
ActivClient software ActivClient extracts certificate information from the CAC that the SMS uses to authenticate users. ActivClient interacts with identification tokens, certificate authorities, and smart card readers.
Certificate management PKI certificates come from an approved Certificate Authority (CA) and are used to verify and authenticate the card holder.
Select Admin Certificate ManagementCA Certificates to import, replace, and view certificate details.
CAC authentication When CAC authentication is enabled on the SMS:
  • All users must use their CAC to log in to the SMS client.
  • Users will not be able to access the SMS Web client.
  • The SMS will not allow an administrator to designate user accounts to be authenticated locally (local authentication).
Select Admin Authentication and AuthorizationAuthentication to select the authentication source that the SMS will use to authenticate users.
Managing user roles and user accounts The SMS uses capabilities and roles to give users permissions to perform specific actions.
Select Admin Authentication and AuthorizationRoles to set the capabilities for each role.
Users with enabled access to the SMS CLI capability can log in from the SMS CLI to disable CAC authentication, which sets the SMS back to the default authentication method (local authentication).
Select Edit/Create RoleCapabilitiesAdminSMS ManagementAccess ManagementAccess SMS CLI to expand or limit this capability.
Related information