User-Based Enforcement (UBE): This implementation creates an exception to smart card-only authentication for specific users or groups of users (e.g., network admins, device admins, and individuals waived from smart card requirements).Machine-Based Enforcement (MBE): This implementation removes the option for password-based authentication in favor of smart card-only authentication for any account accessible by the macOS device (local or network).This method involves creating a plist configuration file and disabling local pairing on the macOS device.Īgencies may additionally choose a machine or user-based enforcement which disables all password-based authentication. Windows Domain User Account - For a windows domain-joined device, an agency can map smart card attributes to an Active Directory account.No domain or Kerberos architecture is needed. This method pairs a smart card to the local macOS user account and requires its use for desktop authentication. Local Account Pairing - For a non-domain joined macOS account, an agency may enable local account pairing. Choose an Authentication OptionĪgencies have two options to enforce smart card authentication in macOS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |