Installing and Configuring Credential Provider for Microsoft Windows
This section provides the instructions to install and configure the Credential Provider.
The SafeNet IDPrime Virtual Credential Provider feature (not installed by default) extends the Windows logon screen so that users can log in to Windows with a SafeNet IDPrime Virtual smart card. The client must connect to the IDPV server to load the smart card; after a successful connection, you can authenticate to Windows with your virtual smart card.
When you work with SafeNet IDPrime Virtual in Offline mode, private keys are securely stored on the TPM. Therefore, SafeNet IDPrime Virtual Credential Provider is not required for Offline Mode.
Installing SafeNet IDPrime Virtual Credential Provider
SafeNet IDPrime Virtual Credential Provider is included in the SafeNetIDPrimeVirtual.msi file, and can be installed by using either of the following methods:
- Install using the .msi file.
  - On the Custom Setup window, select the Complete installation type to include the IDPrime Virtual Credential Provider feature and click Next.
  - Go to the Install IDPV Client Using the Installer section and perform step 6 onwards.
- Install using the command line.
  Run the command for the Complete (with Credential Provider) IDPV installation given under step 3 of the Install IDPV Client Using the Command Line section.
Using SafeNet IDPrime Virtual Credential Provider
Perform the following steps to use the IDPV credential provider:
- Select Connect SafeNet IDPrime Virtual smartcard, and then click Connect.
  If a user does not have a card, the connection fails and the following message is displayed:
  Connection failed. Your card is not available. Please contact your administrator.
  A smart card is not created by default because of the configuration. The Admin does not encounter this error message, because a card is already created for the Admin and the connection succeeds. The SafeNet IDPrime Virtual Smart Card Authentication page is displayed.
  SafeNet Trusted Access is used as the Identity Provider in these screenshots. The SafeNet IDPrime Virtual Smart Card Authentication login page may differ according to the configured IdP type.
- Enter your IdP username and click LOGIN.
- Enter your IdP password and click LOGIN.
  After authentication succeeds, your virtual smart card is available for Windows logon.
- Select the user you want to log in as.
- Click the icon to select the SafeNet IDPrime Virtual smart card for sign-in.
- Enter your PIN and click the sign-in button.
  If the correct virtual smart card PIN is entered, the user signs in to Windows successfully.
Additionally, the user can use a virtual smart card for the following:
- Website authentication
- VPN authentication
- Email encryption and decryption
- Digitally signing documents
The IdP user must exit from the IDPV tray menu to allow other IdP users to use the credential provider effectively.
Using SafeNet IDPrime Virtual Credential Provider in Offline Mode
Users can authenticate using the IDPrime Virtual Credential Provider even in Offline Mode, provided the following conditions are met:
- The tenant is created with the -k true parameter, and the HSM supports export mode.
- The user has been granted offline access.
Offline Authentication Scenarios
The following scenarios describe the expected behavior when users log in using the IDPrime Virtual Credential Provider in offline mode:
| Scenario | Action and Result |
|---|---|
| A user authenticates using a virtual smart card on the lock screen. | An offline bundle is automatically generated. |
| The offline bundle is valid, but the IDPV server is not reachable. | The user clicks Connect on the Virtual Smart Card. The offline virtual smart card is loaded successfully, and the user logs in to Windows using the PIN. |
| The offline bundle has expired and the IDPV server is not reachable, but the token still shows as connected. | The user clicks Connect on the Virtual Smart Card. The error message "Incorrect PIN" is displayed and the virtual smart card is unloaded. The user must connect in online mode to obtain a new offline bundle. |
| The offline bundle has expired, the IDPV server is not reachable, and the user is not connected. | The user clicks Connect on the Virtual Smart Card. The error message "Offline Bundle has expired" is displayed. |
| The offline bundle is not available and the IDPV server is not reachable. | The user clicks Connect on the Virtual Smart Card. The error message "Connection failed. Your card is not available. Please contact your administrator." is displayed. |