Requirements

  • Windows Hello for Business has been deployed in the infrastructure.
  • The Enrolling Windows Hello for Business (WHfB) option is enabled in the Common features section of the Indeed CM Setup Wizard.
  • The card type has been added to the system configuration Whfb.xml.
  • The user's workstation is equipped with the Trusted Platform Module 2.0.
  • The IndeedCM.WHfB.Middleware component is installed on the workstation.

When issuing the smart card in Self-Service, the user will be suggested to Enroll WHfB or select a connected hardware smart card.

  • RSA 2048 certificates are supported.
  • Only one WHfB card can be created for a user on the computer.
  • The maximum number of WHfB cards per Windows 10 computer is 10.
  • Card initialization is not supported.

After clicking the Issue button, Indeed CM will open the PIN Settings window for Windows Hello:

Click Set up PIN, enter the credentials for basic and user authentication (using the Indeed CM MFA adapter), and click Submit.

Set up a PIN and click OK.

After successfully creating the PIN, Indeed CM will continue issuing the card:

  • Certificates will be requested based on templates added to the smart card usage policy.

  • They will be written down on the card.
  • The card will be assigned to the user.

The WHfB card can be used just like hardware smart cards on the user's workstation. For example, for authentication in a domain.


  • No labels