Information Technology at JPL

Directory and Authentication Service

Virtual Smartcard Authentication (JPL-issued Smartphone)

November 2019: The Virtual Smartcard program is currently on hold and no more participants are being added. Resources are being devoted to getting the Mandatory Smartcards (PIV-M) fully implemented first (a NASA priority).

A virtual smartcard deploys mobile credentials that provide security benefits comparable to physical badges. An application on the mobile device lets it be used for two-factor authentication, digital signatures and data encryption. JPL is offering virtual smartcard functionality as an alternative and backup to the Smartcard Badge for authentication to subscribed Windows, Mac and mobile devices, with approval from your manager.

What you need to get started:

  • Badge and system already paired successfully
  • Complete the Virtual Smartcard Questionnaire Form (currently disabled) to verify that you, your phone and workstation qualify for VSC.
    • Windows
      • Windows 10 v 1803 or higher
        • 1803 with BLE - no Entrust dongle needed
      • System that supports Bluetooth Low Energy (BLE)
        • Entrust dongle required if BLE not supported
        • Search for "Device Manager" and expand Bluetooth. Right-click Intel Wireless Bluetooth, select Properties, and click the Details tab. Make sure the Property dropdown is set to "Bluetooth radio supports Low Energy Peripheral Role".
        • If there is no Bluetooth listed under Device Manager, an Entrust dongle will be required.
    • Macintosh
      • MacOS 10.13.3 or higher
      • System that supports Bluetooth Low Energy (BLE)
        • Search for and open System Information. Expand Hardware in the left pane and select Bluetooth. Ensure that "Bluetooth Low Energy Supported" has a value of Yes.
    • Smartphone
      • iPhone or Android 2 years old or less.
  • If qualified for a VSC, the Questionnaire will send a ticket to the VSC team to initiate account set-up. You will receive an email when ready to proceed with pairing your smartphone to your system. Note: We recommend that you select a PIN different from your Badge.
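
The Macintosh prerequisites above can also be checked from Terminal. The script below is an added example, not part of the JPL page or of any Entrust tooling; it assumes that `system_profiler SPBluetoothDataType` prints the same "Bluetooth Low Energy Supported" label that the System Information app shows, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: scripted form of the Macintosh prerequisites listed above.
# Assumption: the system_profiler text report uses the same
# "Bluetooth Low Energy Supported" label as the System Information app.
VSC_MIN_MACOS=10.13.3

# Exit 0 when dotted version $1 >= $2, comparing up to three numeric fields.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Exit 0 only when the report text ($1) states BLE support as Yes.
# A missing line counts as "not supported", so the check fails closed.
ble_supported() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*Bluetooth Low Energy Supported:[[:space:]]*Yes[[:space:]]*$'
}

# $1 = macOS version, $2 = Bluetooth report text. Prints one line per check.
vsc_mac_prereqs() {
    vsc_status=0
    if version_ge "$1" "$VSC_MIN_MACOS"; then
        echo "PASS macOS $1 is $VSC_MIN_MACOS or higher"
    else
        echo "FAIL macOS $1 is older than $VSC_MIN_MACOS"; vsc_status=1
    fi
    if ble_supported "$2"; then
        echo "PASS Bluetooth Low Energy Supported: Yes"
    else
        echo "FAIL Bluetooth Low Energy not reported as supported"; vsc_status=1
    fi
    return "$vsc_status"
}

# Constructed sample report, used when not running on a Mac.
SAMPLE_REPORT='Bluetooth:
      Hardware, Features, and Settings:
          Bluetooth Low Energy Supported: Yes'

if command -v sw_vers >/dev/null 2>&1 && command -v system_profiler >/dev/null 2>&1; then
    vsc_mac_prereqs "$(sw_vers -productVersion)" "$(system_profiler SPBluetoothDataType 2>/dev/null)" || true
else
    vsc_mac_prereqs 10.13.6 "$SAMPLE_REPORT" || true
fi
```

A FAIL on the Bluetooth line means only that the report did not confirm BLE support; confirm in System Information as described above before concluding the system does not qualify.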

How to log in

  • Macintosh
    • If you are on Wi-Fi, you will first be prompted for your FileVault password upon start-up (not smartcard-enabled by Apple).
    • Open the Entrust SC Mobile App on your smartphone.
    • Select the Smart Card icon in the lower left.
    • Make sure the Current Identity you selected during set-up is displayed.
    • Under Bluetooth Devices, touch the device/Asset Tag of your workstation.
    • Wait for the Password field to change to PIN and use your Virtual Smartcard PIN to log in.
  • Windows
    • Open the Entrust SC Mobile App on your smartphone.
    • Select the Smart Card icon in the lower left.
    • Make sure the Current Identity you selected during set-up is displayed.
    • Under Bluetooth Devices, touch the device/Asset Tag of your workstation.
    • If the screen defaults to Password, click on sign-in options and select the smartcard (rectangle) icon.
    • The screen will show "checking status" while it verifies the credentials, after which you will be prompted to enter your PIN.

How to Configure Bluetooth Auto Connect

Auto Connect allows your computer and your mobile smart credential to establish a Bluetooth connection automatically when you come within Bluetooth range of your computer. Note: If you are actively connecting to more than one device during the day, disable Auto Connect to avoid conflict. The app can only be connected to one system at a time.

  • Open the Entrust SC Mobile App on your smartphone.
  • Select the Settings icon at the bottom.
  • Configure the following settings:
    • Slide the Enabled button to On.
    • Select your Identity and press Done.
    • Select the device/Asset Tag and press Done.
  • Leave the Entrust SC Mobile App running in the background.

How to Add Additional Devices/Workstations After Enrolling

  • Ensure that Bluetooth is enabled on the new device.
  • Ensure that your smartphone is connected to JPL WiFi.
  • Open the Entrust SC Mobile App on your smartphone and select the Smart Card icon at the bottom.
  • Make sure you are not connected to another device.
    • Only one identity and one machine can be connected at any one time.
    • To switch to a second machine, tap on the current tag number and select Yes to disconnect.
  • Click on Add New Device.
  • Select the Asset Tag of the device you wish to pair with from the Available Devices.
  • A Bluetooth Pairing Request box will appear on your phone and on your computer screen. Enter the code from your phone into the box on your computer to pair the device.
  • When pairing is complete you will see a green circle with a check box next to the computer under Bluetooth Devices.
https://dir.jpl.nasa.gov/smartcard_virtual.php