Scenario 2: Mix Of Password And Smart Card Authentication - Check Point HARMONY R81 Administration Manual

What to do:
1. Plan your Smart Card environment:
n Give all users a Smart Card.
n Get a Smart Card certificate for each user and put them in Active Directory.
n Learn which Smart Card driver and Reader driver is necessary for your Smart
Card.
2. Upgrade all endpoints to this version. Use Reporting reports to make sure all users are
successfully upgraded.
3. Open the Policy tab.
4. In a OneCheck User Settings rule, right-click the Authenticate users action and select
Edit:
n Select Smart Card (requires certificates).
n Select Change authentication method only after user successfully authenticates
with a Smart Card.
n Select the drivers required for your Smart Card.
5. In the Directory Scanner area, click Configure.
The Certificate Scanning Configuration window opens.
6. Select Scan user certificates from Active Directory.
7. Monitor the Smart Card deployment in the Pre-boot Reporting reports.
8. If you choose, you can clear the Change authentication method only after user
successfully authenticates with a Smart Card option after all users have logged on with
their Smart Card. If a specified user must use password authentication temporarily, you
can change the Pre-boot Authentication Settings for the user to Password.

Scenario 2: Mix of Password and Smart Card Authentication

Scenario
Your organization is preparing to install Check Point Endpoint Security for the first time. Most
users will use username and password Pre-boot authentication. Administrators with high
administrative privileges will use Smart Card authentication. Your organization does not use
Active Directory.
Before You Configure Smart Card Authentication
R81 Harmony Endpoint Server Administration Guide | 242