IBM Security Verify

 View Only
  • 1.  MFA with PIV/CAC card

    Posted Tue January 31, 2023 04:48 PM

    Is it possible to use a government security card as a control for access to ISAM/ISVA console?  All of the computers at our agency have a card reader for this.


    Gary Brooke

    Solution Senior Consultant

    Cyber Risk Services | Deloitte Advisory

    Mobile: +1 573 462 0977 | |


    This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and any disclosure, copying, or distribution of this message, or the taking of any action based on it, by you is strictly prohibited.

    Deloitte refers to a Deloitte member firm, one of its related entities, or Deloitte Touche Tohmatsu Limited ("DTTL"). Each Deloitte member firm is a separate legal entity and a member of DTTL. DTTL does not provide services to clients. Please see to learn more.


  • 2.  RE: MFA with PIV/CAC card

    IBM Champion
    Posted Wed February 01, 2023 08:16 AM
    Under the LMI administrator settings, enable Accept Client Certificates, Validate Client Certificate Identity, and set Exclude CSRF Checking depending on your requirements.

    This may help:

    I can't find any documentation on the knowledge center on these options but I'm sure it's there.  I'm not exactly sure how the cert DN will match against the users in the authentication user registry local to the LMI or an LDAP (if you have it enabled).  That will be the part you have to figure out.  I'm curious if you get this working.  I've looked at it in the past for other types of hardware tokens containing certs but not for PIV, but it should be approximately the same.


    Matt Jenkins