Information Technology at JPL

Directory and Authentication Service

JPL IT - Directory and Authentication Service

Mandatory Smartcard Authentication

March 16, 2020 - The OCIO is postponing the deployment of mandatory smartcard authentication until further notice, this includes those who had been informed that they will be transitioning the week of March 16 and those transitioning the week of March 24. Users who are not currently using smartcard authentication will be notified when the new transition date is re-scheduled. In the meantime, please test your smartcard log in to ensure that you will be ready when it becomes mandatory.

Below are tips to keep in mind and action to take if you are affected by one by the following:

  • Remote Desktop User >>

    Remote Desktop from Apple systems will be affected: Once set to mandatory smartcard login, iOS devices including iPhones and iPads, will not be able to remote desktop into your system. The ability to remote desktop from a Macintosh system to a mandatory smartcard Windows system is currently not working and Microsoft is reviewing the issue. Users requiring this functionality may apply for a Waiver.

  • Modified Computer/Host Name >>

    If you have modified your computer's host/computer name, such as Erics_macbook, you should change it back to the assigned asset tag number, such as MT-204419. This is needed to facilitate the automated processes in the case of forgotten or lost badges. For help, contact the JPL Service Desk.

  • Expected Travel During Your Transition Date >>

    If you expect to be on travel during your scheduled transition date and have not yet tested your smartcard login, please request a 10 day Exemption before the cutover date. This will allow you to use your password for authentication while on travel.

  • Shared System >>

    If your system is shared (Lab, Kiosk, or Training System) or in a clean room, you will want to request a Waiver before the cutover date. If you already have a waiver request approved, your system will be not be set to mandatory smartcard login.

  • VPN User >>

    Prior to Smartcard mandatory, users who work remotely should first log in to their system while connected to the JPL network using their badge. This ensures the credentials are cached when the computer is not connected to the JPL Network.

  • Forgotten, Lost, or Damaged Badge >>
    • Forgotten Badge - Visit the Badging Kiosk (Visitor Center) or any Officer Station to obtain a temporary paper badge. Once a temporary badge has been issued, any systems registered in your name are set back to password login until 10 a.m. (PT) the following day. No further action is required. Temporary exemptions may also be requested by calling the JPL Service Desk or via the JPLIT Portal's Exemption/Waiver Request Form (this form is available externally).
    • Lost/Damaged/Awaiting Badge Issuance - The Badging Office will update the status of your badge and any systems in your name will be set to password login for up to 60 business days.
    • Note: Once issued, Exemptions and Waivers do require a system restart in order to login with your password and may require assistance from the JPL Service Desk.

For additional information including Exemptions/Waivers, see Smartcard FAQs and Troubleshooting.

To prepare, you will need:

  1. Smartcard (JPL badge with a gold chip) - Set up by the Protective Services Division (PSD) Badging Office.
  2. Know your PIN (6-8 digits) - Chosen when your Smartcard is setup.
    • Forgot your PIN? Schedule an appointment with the Badging Office by logging into your EBIS account and selecting the badge scheduler found in your employee toolkit or call (818) 354-5050 to reset it. Walk-ins available on Tuesdays thru non-RDO Fridays from 9-11 a.m.
  3. Smartcard reader - Some systems and keyboards already have readers built in. Readers can be picked up at the Hub (111-104) or ordered via the JPL IT Catalog (can take a couple of days).
  4. Active certificates for authentication on your Smartcard: see Instructions for Viewing and Updating Smartcard Badge Certificates.

Test your Smartcard and your PIN before your transition date

If you are running an OS older than Mac 10.12.4 or Windows 10, it's likely you will have issues authenticating with your smartcard and you will need to upgrade your system. In this case, you may need to request an Exemption/Waiver.

  • Insert your smartcard into your reader.
  • Open a fresh instance of Chrome and go to https://auth.launchpad.nasa.gov.
  • If you are prompted for your username/password, click cancel to be directed to the Smartcard Log in window.
  • Choose to Sign in with your Smartcard and follow the prompts to enter your PIN.
  • If the login is successful, you are all set and no further action is required at this time.

How to log in after your system is set to Mandatory Smartcard Authentication

Macintosh 10.12.4+Windows 10+

On transition day, you will be prompted with a pop-up to complete the set-up process. After that, follow the steps below to log in.

  • Upon startup, enter your File Vault password
  • Make sure your reader is connected to your system and insert your Smartcard into the reader photo-side face-up (or facing you in vertical readers) and chip-end first. Be patient, it may take several seconds to connect.
  • Enter your 6-8 digit PIN number.

On transition day, you will begin logging in by following the steps below.

  • Select Switch User > Smartcard login or click on Sign-in options and then select the smartcard icon.
  • Make sure your reader is connected to your system and insert your Smartcard into the reader photo-side face-up (or facing you in vertical readers) and chip-end first. Be patient, it may take several seconds to connect.
  • Enter your 6-8 digit PIN number.

Help

For additional information, see Smartcard FAQs and Troubleshooting

In-person help is available at the HUB (111-104). You may also contact the Unified Service Desk by calling 4-help (4-4357) or by submitting a Service Request.

Instructions for Viewing and Updating Smartcard Badge Certificates (PDF) .

Smartcard Login for NASA Web Applications (Launchpad) (PDF) .

https://dir.jpl.nasa.gov/smartcard.php