MFA Guides

Contactless Card Method

The Contactless Card content area enables administrators to establish, configure, assign, and maintain contactless cards so users can authenticate to a system using contactless card-based certificate-less authentication.

There are four Contactless Card content areas.

method_21.png
Table 18. four contactless card content areas

Content area

Description

Profile List

Profile ListProvides an overview of the configured Contactless Profiles, including the configured PIN policy, card behavior options, and the settings for whether a PIN is required.

PIN Policies

Provides the ability for organizations to establish PIN usage policies and selection criteria for securing contactless cards protected with a PIN.

New Profile

Provides the ability for organizations to create custom profiles that can pair PIN policy with Sets and assigned to users.

New PIN Policy

Provides the ability to create custom PIN policies for contactless card authentication.



Contactless Card - Profile List

By default, RapidIdentity Server has a single profile for contactless cards. The Default profile contains a default PIN policy with these settings.

Table 19. default PIN policy

Default Setting

Value

Attempts before PIN becomes blocked

3

Minimum PIN Length

4

Maximum repeated characters

3

Maximum consecutive characters

3

Card Behavior

Set to Tap in/Out and also Lock workstation

Require PIN

User must provide a PIN in addition to a contactless card to logon but not to unlock a locked session.

Secure Logon Password

No. If set to YES, a user’s password will be randomized and unknown to the user upon enrollment.



Administrators can remove a profile by clicking Delete or edit a profile by clicking Edit.

Contactless Card - Edit Profile

After updating the profile, click Save or Discard to cancel.

method_22.png
Contactless Card - PIN Policies

The PIN Policies content area provides the ability for organizations to create custom PIN policies and edit out-of-the-box PIN policies.

method_23.png

Contactless PIN Policies function identically to Biometric PIN Policies.

Contactless Card - New Profile

Creating a new Contactless Profile is similar to creating a new Biometric Profile.

Follow these 3 steps to create a new Contactless Profile:

  1. Click New Profile.

  2. Enter a name and description. Modify the default settings as desired.

    method_24.png
  3. Click Save or Cancel to discard.

Table 20. Contactless Profile criteria

Criteria

Description

Tap In/Tap Out

If the card is tapped to the reader it will log the user into the system. Then when tapped again it will respond with your selected Action (Lock Workstation or Logoff User).

Card Removal

User presents and leaves the card on the reader to log into the system and once removed from the reader it will respond with the selected Action (Lock Workstation or Logoff User).

Lock Workstation

Locks the system under the current logged in credentials.

Logoff

Logs the current user out of the system.

Select Require a PIN for Workstation Logon

The user is prompted for a password when presenting their authentication method.

Do NOT Require PIN for Workstation Unlock

When the system is locked and user presents their authentication method, the user will NOT be asked to enter a password.

Secure Logon Password

Default is not checked. If enabled, when the card is presented to the reader the user’s password will be randomized and unknown to the user.



Contactless Card - New PIN Policy

Creating a new Contactless PIN Policy is identical to creating a new Biometric PIN Policy.