Assigning policies and enrolling the certificate

If the user's smart card reader is directly attached to a USB port on the AIX® operating system, you must assign one or more policies to a user and enroll the PIV/CAC card certificate you want the user to use.

To assign policies and enroll the PIV/CAC card certificate you want the user to use, complete the following steps:
Note: If you do not want to use a web browser, you can the bulk provisioning feature. The bulk provisioning feature is described in Provisioning users in bulk for IBM PowerSC MFA.
  1. Log in to the IBM PowerSC MFA GUI.
  2. In the IBM PowerSC MFA GUI, click the User Provisioning tab.
  3. Select an existing user.
    The All Policies table shows all of the available policies.
  4. Click + in the Policies section.
  5. Select one or more policies that includes only the AZFCERT1 authentication method.
  6. Click Confirm.
    The Authentication Methods table shows the configured authentication methods for the policy.
  7. Select the AZFCERT1 authentication method.
  8. Click Check provisioning information.
  9. You are prompted for the user-specific authentication method settings. For AZFCERT1, upload the user's PIV/CAC card public certificate. You can browse to the file that is in the .cer or .pem format.
  10. Click Confirm.
  11. Set Active to On for the authentication method.
  12. Click Confirm.