Test the Smart Card or PIV card configuration

Test your Smart Card or Personal Identity Verification (PIV) card configuration by signing in as a user.

Before you begin

Complete these tasks before you perform this procedure:

• Format a PKI certificate chain
• Add a Smart Card identity provider

Start this task

1. Plug the Smart Card or PIV card reader in and insert your Smart Card or PIV card.
2. In your browser, go to your Okta org URL.
3. In the Sign-In Widget, click Sign in with PIV / CAC Card.
4. In the certificate picker, select the Smart Card Logon certificate under the Enhanced Key Usage attribute.
5. Enter the user's PIN and click Enter or OK.
6. Complete any multifactor authentication (MFA) challenges.
7. Okta displays the End-User Dashboard.

Validate the Smart Card or PIV card client certificate

1. Okta validates that a known issuer issued the certificate on the Smart Card or PIV card. Validation fails if an unknown issuer issued the certificate.
2. Okta validates that the certificate hasn't been revoked by checking a Certificate Revocation List (CRL). Okta automatically downloads and caches CRLs.
3. If the certificate is valid, verified as active, and hasn't been revoked, Okta validates the user against the rules in the IdP configuration. If the user is matched against a rule, Okta grants access to the user.

Related topic

Troubleshooting Smart Card and PIV card authentication