Add a Smart Card Identity Provider
Add a Smart Card as an Identity Provider (IdP) and configure its settings. This allows your end users to sign in using their Personal Identity Verification (PIV) or Common Access Card (CAC) credentials.
Add a Smart Card Identity Provider
- In the Admin Console, go to .
- Click Add identity provider.
- Select Smart Card and click Next. The Configure Smart Card IdP page opens.
Configure the Smart Card Identity Provider
On the Configure Smart Card IdP page, configure the following settings:
Field |
Value |
---|---|
Name | Enter a name for the identity provider. End users see this name when they sign in. |
Upload certificate chain files |
Upload certificate files to build your certificate chain. The files must be in .pem or .der format. Upload all the files and click Build certificate chain. The chain and its certificates are displayed. Click Reset certificate chain to replace the current chain with a new one. |
Cache CRL for |
Select the duration for which Okta should consider the CRL valid after it's successfully downloaded. This option is scheduled for deprecation. Okta will provide an automatic and a more resilient CRL caching mechanism if and when this option is deprecated. |
IdP username | Select a Smart Card attribute from the dropdown menu to use as the IdP username. You can also define a custom username using Okta Expression Language. See Smart card idpUser expressions and Expressions |
Match against | Select an Okta attribute from the dropdown menu. The IdP username is matched against this value to find an existing user account in Okta. |
This Smart Card IdP is |
Select the security characteristics associated with this Smart Card IdP: PIN protected, Hardware protected. Okta uses these characteristics to determine how this IdP is prompted for users in policies. |
After you've configured the settings, click Finish. The Smart Card IdP appears in the list on the Identity Providers page.