Add a Smart Card IdP

The Smart Card feature in Okta allows your end users to use smart cards with an X.509-compliant digital certificate, such as a PIV card, as a primary authentication factor to sign in to Okta.

A personal identity verification (PIV) card is a United States federal smart card that contains the data necessary for the cardholder to be granted access to federal facilities and information systems, and to assure appropriate levels of security for all applicable federal applications. PIV cards are very strong authenticators (up to IAL3/AAL3, per NIST guidance) and can replace the username and password as an authentication method where supported.

Typical workflow for configuring a Smart Card

| Task | Description |
| --- | --- |
| Format a PKI Certificate Chain | If you are using more than one certificate, follow this procedure to combine them into a single file. |
| Add a Smart Card identity provider | To add a Smart Card identity provider, you must provide a name and the certificate chain, and specify how long Okta considers the certificate revocation list (CRL) valid after a successful download. |
| Sign in with a Smart Card/PIV as an end user | Test your Smart Card or PIV card configuration by signing in as an end user. |
| Troubleshooting Smart Card/PIV authentication | If authentication with a Smart Card or PIV card fails, check the troubleshooting items. |

Related topics

Add a SAML 2.0 IdP