Contactless Card Method
The Contactless Card content area enables administrators to establish, configure, assign, and maintain contactless cards so users can authenticate to a system using contactless card-based certificate-less authentication.
There are four Contactless Card content areas.
Content area | Description |
|---|---|
Profile List | Profile ListProvides an overview of the configured Contactless Profiles, including the configured PIN policy, card behavior options, and the settings for whether a PIN is required. |
PIN Policies | Provides the ability for organizations to establish PIN usage policies and selection criteria for securing contactless cards protected with a PIN. |
New Profile | Provides the ability for organizations to create custom profiles that can pair PIN policy with Sets and assigned to users. |
New PIN Policy | Provides the ability to create custom PIN policies for contactless card authentication. |
Contactless Card - Profile List
By default, RapidIdentity Server has a single profile for contactless cards. The Default profile contains a default PIN policy with these settings.
Default Setting | Value |
|---|---|
Attempts before PIN becomes blocked | 3 |
Minimum PIN Length | 4 |
Maximum repeated characters | 3 |
Maximum consecutive characters | 3 |
Card Behavior | Set to Tap in/Out and also Lock workstation |
Require PIN | User must provide a PIN in addition to a contactless card to logon but not to unlock a locked session. |
Secure Logon Password | No. If set to YES, a user’s password will be randomized and unknown to the user upon enrollment. |
Administrators can remove a profile by clicking Delete or edit a profile by clicking Edit.
Contactless Card - Edit Profile
After updating the profile, click Save or Discard to cancel.
Contactless Card - PIN Policies
The PIN Policies content area provides the ability for organizations to create custom PIN policies and edit out-of-the-box PIN policies.
Contactless PIN Policies function identically to Biometric PIN Policies.
Contactless Card - New Profile
Creating a new Contactless Profile is similar to creating a new Biometric Profile.
Follow these 3 steps to create a new Contactless Profile:
Click New Profile.
Enter a name and description. Modify the default settings as desired.
Click Save or Cancel to discard.
Criteria | Description |
|---|---|
Tap In/Tap Out | If the card is tapped to the reader it will log the user into the system. Then when tapped again it will respond with your selected Action (Lock Workstation or Logoff User). |
Card Removal | User presents and leaves the card on the reader to log into the system and once removed from the reader it will respond with the selected Action (Lock Workstation or Logoff User). |
Lock Workstation | Locks the system under the current logged in credentials. |
Logoff | Logs the current user out of the system. |
Select Require a PIN for Workstation Logon | The user is prompted for a password when presenting their authentication method. |
Do NOT Require PIN for Workstation Unlock | When the system is locked and user presents their authentication method, the user will NOT be asked to enter a password. |
Secure Logon Password | Default is not checked. If enabled, when the card is presented to the reader the user’s password will be randomized and unknown to the user. |
Contactless Card - New PIN Policy
Creating a new Contactless PIN Policy is identical to creating a new Biometric PIN Policy.