Add a Smart Card IdP
Okta allows your end users to use Smart Cards with an X.509-compliant digital certificate as a primary authentication factor to sign in to Okta. A Smart Card is also called a personal identity verification (PIV) card.
A PIV card contains the necessary data for the cardholder to be granted access to United States federal facilities and information systems. It assures appropriate levels of security for all applicable federal apps. PIV cards are strong authenticators (up to IAL3/AAL3, per NIST guidance), which can replace the username and password as an authentication method where supported.
Typical Smart Card configuration workflow
Task | Description |
---|---|
Format a PKI certificate chain | If you're using more than one certificate, follow this procedure to combine them into a single file. |
Add a Smart Card identity provider | To add a Smart Card identity provider, you must provide a name and the certificate chain. |
Test your Smart Card or PIV card configuration by signing in as an end user. The sign-in request is evaluated against all active Smart Card and PIV IdPs. If multiple IdPs match, the first one is used for signing in, regardless of routing rules. | |
Troubleshooting Smart Card and PIV card authentication | If authentication with a Smart Card or PIV card fails, check the troubleshooting items. |