Test the Smart Card or PIV card configuration
Test your Smart Card or Personal Identity Verification (PIV) card configuration by signing in as a user.
Before you begin
Complete these tasks before you perform this procedure:
Start this task
- Plug the Smart Card or PIV card reader in and insert your Smart Card or PIV card.
- In your browser, go to your Okta org URL.
- In the Sign-In Widget, click Sign in with PIV / CAC Card.
- In the certificate picker, select the Smart Card Logon certificate under the Enhanced Key Usage attribute.
- Enter the user's PIN and click Enter or OK.
- Complete any multifactor authentication (MFA) challenges.
- Okta displays the End-User Dashboard.
Validate the Smart Card or PIV card client certificate
- Okta validates that a known issuer issued the certificate on the Smart Card or PIV card. Validation fails if an unknown issuer issued the certificate.
- Okta validates that the certificate hasn't been revoked by checking a Certificate Revocation List (CRL). Okta automatically downloads and caches CRLs.
- If the certificate is valid, verified as active, and hasn't been revoked, Okta validates the user against the rules in the IdP configuration. If the user is matched against a rule, Okta grants access to the user.