Enterprise server or Web-based card management system software enables corporations to implement and easily manage smart card identity management, provisioning, authentication devices, and policy enforcement across geographically dispersed locations. These systems provide a complete and flexible solution to manage the issuance, administration, and configuration required for the successful and seamless smart card integration with SecureLogin 6.0 SP1.
Typically, these systems also provide key escrow, archiving, and backup to assist you in restoring user credentials if a smart card is lost or damaged. This is necessary because certain strong security settings can cause user data to be unrecoverable without the smart card.
Scenarios that might result in user data being unrecoverable include the following:
PKI Credentials: If you set the
option to , then enable the option under , SSO data cannot be decrypted in the smart card is lost or damaged, because the key stored on the smart card is not recoverable unless you have implemented key archiving and recover.Key Generated on Smart Card: If you set the
option to , then enable the , SSO data cannot be decrypted if the smart card is lost or damaged, because the key stored on the smart card is not recoverable unless you have implemented key archiving and recovery.For either of the above scenarios, if you have implemented key archiving and recovery, you simply issue the user a replacement smart card based on the backup of the original key, then select a new certificate to use for encrypting the user's data.
If you have not implemented key archiving and recovery, you must delete the user's existing SSO configuration data store from the
> tab, which permanently deletes all of the user's applications, credentials, preferences, and user policies. You must then reset the user's corporate passwords and issue a new smart card with a new key pair before the user can log in again and reconfigure the SSO applications using SecureLogin. The user must manually re-enter all application credentials into SecureLogin the first time he or she logs in.