Add a Smart Card IdP

Okta allows your end users to use Smart Cards with an X.509-compliant digital certificate as a primary authentication factor to sign in to Okta. A Smart Card is also called a personal identity verification (PIV) card.

A PIV card contains the necessary data for the cardholder to be granted access to United States federal facilities and information systems. It assures appropriate levels of security for all applicable federal apps. PIV cards are strong authenticators (up to IAL3/AAL3, per NIST guidance), which can replace the username and password as an authentication method where supported.

Typical Smart Card configuration workflow

| Task | Description |
| --- | --- |
| Format a PKI certificate chain | If you're using more than one certificate, follow this procedure to combine them into a single file. |
| Add a Smart Card identity provider | To add a Smart Card identity provider, you must provide a name and the certificate chain. |
| Test the Smart Card or PIV card configuration | Test your Smart Card or PIV card configuration by signing in as an end user. The sign-in request is evaluated against all active Smart Card and PIV IdPs. If multiple IdPs match, the first one is used for signing in, regardless of routing rules. |
| Troubleshooting Smart Card and PIV card authentication | If authentication with a Smart Card or PIV card fails, check the troubleshooting items. |

Related topics

Add a SAML 2.0 IdP