Web Login Authentication using Smart Cards
You can enable Web login authentication using certificates from a third-party, common access card (CAC) or smart card with user identification. When a user attempts to access the device through the Web browser (HTTPS), the device retrieves the Web user’s login username (and other information, if required) from the CAC, and automatically displays it in the 'Username' field (read-only) on the Web Login screen. The user attempting to access the device is now only required to provide the login password.
Typically, a TLS connection is established between the CAC and the device’s Web interface, and a RADIUS server is implemented to authenticate the password with the username. Therefore, this feature implements a two-factor authentication - what the user has (i.e., the physical card) and what the user knows (i.e., the login password).
For specific integration requirements for implementing a third-party smart card for Web login authentication, contact the sales representative of your purchased device.
|
➢
|
To log in and enable Web login authentication using CAC: |
|
1.
|
Open the Security Settings page (Setup menu > IP Network tab > Security folder > Security Settings). |
|
2.
|
From the 'Enable Management Two Factor Authentication' [EnableMgmtTwoFactorAuthentication] drop-down list, select Enable. |
|
3.
|
Insert the Common Access Card into your card reader. |
|
4.
|
Enter the password only. As some browsers may require a username, it’s recommended to enter a username with an arbitrary value. |