Usage settings are defined in the Control section of Indeed CM policy for cards assigned to Agent. When a card is connected to a workstation, an Agent reacts to the corresponding event:
- Mismatch of assigned card and Agent. This event occurs when, for example, a user connected a smart card of another user to his or her workstation, and this card is not assigned to the Agent.
- Mismatch of assigned card and user. This happens when a user logged on to workstation with the smart card assigned to the Agent, and then changed user account in the operating system.
The following actions are possible when Agent detects an event:
- Write event
- Lock user session, write event
- Lock card, write event
- Lock user session and card, write event
If Lock user session or Lock user session and card is selected, then you have to specify the value of Timeout before locking the user session, 5 seconds max.
To enable Agent tracking of user session association to connected card, enable Enable user card binding. If Agents and cards are supposed to be used on workstations beyond the domain of your organization, then you have to enable the Consider user card binding on PC that is not joined to domain option.
Define the message to be displayed to user in case of assignment violation, as well as the action to be performed by Agent.
The following attributes can be used in the message:
- {sn} – output of card serial number
- {atr} – output of ATR value for card
- {model} – output of card model
- {label} – output of card label