It is possible to configure mapping of user certificates to altSecurityIdentities attribute in Active Directory. In order to configure support for this feature it needs to be enabled in the particular card template that this feature is to be used.
This feature is currently supported for MS Active Directory only.
It is important that the AD connection that you are connecting with for the particular template has write permissions. From Options – Connections ensure that you have configured a connection to AD with a credential that has appropriate permissions to write to the altSecurityIdentities attribute.
If the smart card token is being issued through the vSEC:CMS User Self-Service it will be necessary for the Windows account that the vSEC:CMS service runs under to have write permissions on the AD.
1. From Templates - Card Templates select an existing template and click Edit.
2. Click the link for Issue Card. In the Enroll Certificates section when you either add a certificate or edit an existing certificate in the table where the particular certificate needs to be mapped to altSecurityIdentities attribute then enable the Update (altSecurityIdentities) check box .
3. Depending on when you wish to have the altSecurityIdentities attribute written to, you will need to configure this from each of the different life cycle states. For example, if you wish to write data when the card is activated then select the Activate Card option and enable the Update {altSecurityIdentities} at AD option.
Comments
0 comments
Please sign in to leave a comment.