zulfiqar43111
asked on
smart card and token for windows login
We are currently in process of implementing smart card windows login , we need to have a secondary login using token (Ex. RSA) in case an employee forget/lose his smart card
what is the possibility to have token as a secondary login and how to switch between smart card login and token
what is the possibility to have token as a secondary login and how to switch between smart card login and token
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is more like having the user recovery if he/she forget their password too, self service reset of password. There are many means to have it and likewise if PIN is forgotten and not due to backend outage or errors, user has to bear the ownership to recover via helpdesk as per norm, this is similar to revoke those expired cert or token is spoilt. I do agree there shouldnt be so many login especially for OS, it is either smartcard or the normal username/passwd but as shared it is security downgrade. Go for maintaining the change mgmt process in user awareness and resiliency in backend. Appl login can varied but not OS (including preboot) login as that is the critical juncture to access all possible service vai the machine
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can I suggest that the below are consider for the solution.
http://#ID:41704627 (tile based selection by user)
http://#ID:39737492 (another means using a proxy to manage which login approach)
htto://#ID:39743465 (another form factor)
This is in understand it is not asking for multifactor authentication e.g. not to restrict only with 2nd factor as well as not asking for HA configuration. But more of user is able to use either smartcard or token if I read it correctly
http://#ID:41704627 (tile based selection by user)
http://#ID:39737492 (another means using a proxy to manage which login approach)
htto://#ID:39743465 (another form factor)
This is in understand it is not asking for multifactor authentication e.g. not to restrict only with 2nd factor as well as not asking for HA configuration. But more of user is able to use either smartcard or token if I read it correctly