Configuring iDRAC6 for Single Sign-On or Smart Card Login
• You are configured in the iDRAC6 for Active Directory login.
• The iDRAC6 is enabled for Kerberos Active Directory authentication.
Configuring Smart Card Authentication
The iDRAC6 supports the Two Factor Authentication (TFA) feature by
enabling Smart Card Logon.
The traditional authentication schemes use user name and password to
authenticate users. This provides minimal security.
TFA, on the other hand, provides a higher level of security by requiring
users to provide two factors of authentication: what you have (the Smart
Card, a physical device) and what you know (a secret code such as a
password or PIN).
Two-factor authentication requires users to verify their identities by
providing both factors.
Configuring Local iDRAC6 Users for Smart Card Logon
You can configure the local iDRAC6 users to log in to the iDRAC6 using the
Smart Card. Click Remote Access→ Network/Security→ Users.
However, before the user can log into the iDRAC6 using the Smart Card,
you must upload the user's Smart Card certificate and the trusted Certificate
Authority (CA) certificate to the iDRAC6.
NOTE: Ensure that CA certificate validation is enabled before configuring the
Smart Card.
Exporting the Smart Card Certificate
To obtain the user's certificate, use the card management software (CMS)
to export the Smart Card certificate from the Smart Card to a file in
Base64 encoded form. You can usually obtain the CMS from the vendor of the
Smart Card. Upload this encoded file to the iDRAC6 as the user's
certificate. The trusted Certificate Authority that issues the Smart Card
user certificates should also export the CA certificate to a file in
Base64 encoded form. Upload this file as the trusted CA certificate for
the user. Configure the user with the username that forms the user's
User Principal Name (UPN) in the Smart Card certificate.
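A pre-upload check for the export step above, as an added example (not Dell's code): it confirms the file is in Base64 encoded form, reads the UPN from the certificate, and compares it with the user name to be configured. The function names are hypothetical, the user name is assumed to be the UPN part before "@", and the sample input is a constructed fragment rather than a full certificate.

```python
import base64
import re

# DER encoding (tag, length, value) of OID 1.3.6.1.4.1.311.20.2.3, the UPN otherName
UPN_OID = bytes.fromhex("060a2b060104018237140203")
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data: bytes) -> bytes:
    """Return DER bytes from a Base64 (PEM) export; reject raw binary exports."""
    m = PEM_RE.search(data)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if data[:1] == b"\x30":  # DER SEQUENCE tag: the file was exported as binary
        raise ValueError("binary DER export; re-export in Base64 encoded form")
    raise ValueError("not a certificate export")

def read_len(buf: bytes, pos: int):
    """Decode a DER length at pos; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def upn_from_der(der: bytes):
    """Return the UPN from the first UPN otherName found in the DER, or None."""
    i = der.find(UPN_OID)
    if i < 0:
        return None
    pos = i + len(UPN_OID)
    if der[pos:pos + 1] != b"\xa0":  # [0] EXPLICIT wrapper around the value
        return None
    _, pos = read_len(der, pos + 1)
    if der[pos:pos + 1] != b"\x0c":  # UTF8String holding the UPN
        return None
    n, pos = read_len(der, pos + 1)
    return der[pos:pos + n].decode("utf-8")

def username_matches(der: bytes, idrac_user: str) -> bool:
    """Assumption: the iDRAC6 user name is the UPN part before '@'."""
    upn = upn_from_der(der)
    return upn is not None and upn.split("@", 1)[0] == idrac_user

def sample_pem(upn: bytes) -> bytes:
    """Constructed test input: a bare UPN otherName wrapped as PEM, not a full certificate."""
    value = b"\x0c" + bytes([len(upn)]) + upn
    other = UPN_OID + b"\xa0" + bytes([len(value)]) + value
    body = b"\xa0" + bytes([len(other)]) + other
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(body) + b"-----END CERTIFICATE-----\n"
```

The byte scan is a quick sanity check on a file you exported yourself; it does not validate the certificate or its chain to the trusted CA.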