You are configured in the iDRAC6 for Active Directory login.

The iDRAC6 is enabled for Kerberos Active Directory authentication.

Configuring Smart Card Authentication

The iDRAC6 supports the Two Factor Authentication (TFA) feature by enabling Smart Card Logon.

The traditional authentication schemes use user name and password to authenticate users. This provides minimal security.

TFA, on the other hand, provides a higher-level of security by making the users provide two factors of authentication - what you have and what you know–what you have is the Smart Card, a physical device, and what you know–a secret code like a password or PIN.

The two-factor authentication requires users to verify their identities by providing both factors.

Configuring Local iDRAC6 Users for Smart Card Logon

You can configure the local iDRAC6 users to log into the iDRAC6 using the Smart Card. Click Remote AccessNetwork/SecurityUsers.

However, before the user can log into the iDRAC6 using the Smart Card, you must upload the user's Smart Card certificate and the trusted Certificate Authority (CA) certificate to the iDRAC6.

NOTE: Ensure that CA certificate validation is enabled before configuring the Smart Card.

Exporting the Smart Card Certificate

You can obtain the user's certificate by exporting the Smart Card

certificate using the card management software (CMS) from the Smart Card to a file in the Base64 encoded form. You can usually obtain the CMS from the vendor of the Smart Card. This encoded file should be uploaded as the user's certificate to the iDRAC6. The trusted Certificate Authority that issues the Smart Card user certificates should also export the CA certificate to a file in the Base64 encoded form. You should upload this file as the trusted CA certificate for the user. Configure the user with the

username that forms the user’s User Principal Name (UPN) in the Smart Card certificate.

Configuring iDRAC6 for Single Sign-On or Smart Card Login

193

Page 193
Image 193
Dell IDRAC6 manual Configuring Smart Card Authentication, Configuring Local iDRAC6 Users for Smart Card Logon, 193