3.4. Smart Card Auto Enrollment
Because the Enterprise Security Client is configured using the Phone Home feature, enrolling a smart card is straightforward. The information needed to contact the backend TPS server is carried on each smart card, so the user is guided quickly through the procedure.
The following procedure describes how to enroll an uninitialized smart card.
This procedure assumes that the smart card is uninitialized and the appropriate Phone Home information has been configured.
Ensure that the Enterprise Security Client is running.
Insert an uninitialized smart card, pre-formatted with the Phone Home information for the TPS and the enrollment interface URL for the user's organization.
The smart card can be added either by placing a USB form factor smart card into a free USB slot, or by inserting a standard, full-sized smart card into a smart card reader.
When the system recognizes the smart card, it displays a message indicating it has detected an uninitialized smart card.
Click Enroll My Smart Card Now to display the smart card enrollment form.
If you remove the card at this point, a message displays stating that the smart card can no longer be detected. Reinsert the card to continue with the enrollment process.
Because the Smart Card Manager now knows where the enrollment UI is located (it is included in the Phone Home information), the enrollment form is displayed for the user to enter the required information.
The above illustration shows the default enrollment UI included with the TPS server. This UI is a standard HTML form, which you can customize to suit your own deployment requirements, such as adding a company logo or adding and changing field text.
Refer to Section 3.5, “Customizing the Smart Card Enrollment User Interface” for information on how to customize the UI.
The sample enrollment UI requires the following information for the TPS server to process the smart card enrollment operation:
This is the LDAP user ID of the user enrolling the smart card; it can also be a screen name or an employee or customer ID number.
This is the password corresponding to the user ID entered; it can be a simple password or a customer number.
The LDAP user ID and password are required because the TPS server is usually associated with a Directory Server, which stores user information and which the TPS consults to authenticate users.
Passwords must conform to the password policy configured in the directory server.
This sets the smart card's password, used to protect the card information.
This confirms the smart card's password.
After you have entered all required information, click Enroll My Smart Card to submit the information and enroll the card.
When the enrollment process is complete, a message page opens showing that the card was successfully enrolled; it can also offer custom instructions on using the newly enrolled smart card.