IBM Verify

  • 1.  MFA with PIV/CAC card

    Posted Tue January 31, 2023 04:48 PM

    Is it possible to use a government security card as a control for access to ISAM/ISVA console?  All of the computers at our agency have a card reader for this.

     

    Gary Brooke

    Solution Senior Consultant

    Cyber Risk Services | Deloitte Advisory

    Mobile: +1 573 462 0977 | 

    gbrooke@deloitte.com | www.deloitte.com

     




  • 2.  RE: MFA with PIV/CAC card

    IBM Champion
    Posted Wed February 01, 2023 08:16 AM
    Under the LMI administrator settings, enable Accept Client Certificates, Validate Client Certificate Identity, and set Exclude CSRF Checking depending on your requirements.

    This may help:
    https://www.ibm.com/support/pages/ibm-security-access-manager-appliance-local-management-interface-certification-authentication-and-authorization

    I can't find any documentation on the knowledge center on these options but I'm sure it's there.  I'm not exactly sure how the cert DN will match against the users in the authentication user registry local to the LMI or an LDAP (if you have it enabled).  That will be the part you have to figure out.  I'm curious if you get this working.  I've looked at it in the past for other types of hardware tokens containing certs but not for PIV, but it should be approximately the same.

    Matt

    ------------------------------
    Matt Jenkins
    ------------------------------