Hybrid smart card authentication
IBM® Security Access Manager for Enterprise Single Sign-On supports the use of hybrid smart cards for user authentication in both personal and shared workstations.
How it works
Hybrid smart cards are made of embedded PKI microprocessor with contact interface and RFID chip with contactless interface. Users can log on and unlock the Windows desktop with a smart card without re-entering the smart card PIN within a configurable grace period. The grace period is measured from the last two-factor authentication time.
To use hybrid smart card authentication, the users must register the hybrid smart cards as secondary authentication factors.
Hybrid smart card tap same and tap different
- Tap same
When the user taps the same hybrid smart card tapped during an AccessAgent session, the Windows desktop is locked. This behavior is configured through the smart card tap same machine policy.
- Tap different
When a different hybrid smart card is tapped during an AccessAgent session, the previous user is logged off and the new user is logged on. This behavior is configured through the smart card tap different machine policy.