Configuring Identity Service card validation

Use Identity Service card validation when validating users through an Identity Service Provider.

1. From the Embedded Web Server, navigate to the configuration page for the application:

   Apps > Card Authentication > Configure

2. From the User Authentication section, set Card Validation to Identity Service.

3. Select Verify Certificate to validate all connections to the server. If Verify Certificate is not selected, then CA will not be validated.

4. In the Verification Mode menu, select either chain or peer.

   Note: The default value is chain.

5. Upload the server SSL certificate to connect securely to the server.

6. In the CheckHosts field, type the additional host names (other than the default server URL) to verify the entries in the certificate. Use commas to separate multiple host names.

   Note: By default, that white list contains just the server URL. Type additional host names in the CheckHosts field to include them in the white list.

7. From the Identity Service Settings section, type the host name or IP address of the Identity Service Provider.

8. Type the host name or IP address of the Badge Service Provider.

9. Set the Application Access Policy.

   • Continue—Continue using the printer even if connecting to the Identity Service server fails.

   • Fail—Go back to the login screen if connecting to the Identity Service server fails.

10. If you have a Client ID and Client Secret from the Identity Service Provider, then type the information in their corresponding fields.

11. Adjust the network and socket timeouts.

12. Upload the server SSL certificate to connect securely to the server.

13. To allow users to log in to the printer using a separate service account, select Use Service Account, and then enter the service account credentials.

14. Set Card Registration to Identity Service.

15. Click Save.