- Centrify Express For Mac Smart Card Services
- Centrify Express For Mac Smart Card Pairing
- Centrify Express For Mac Smart Card Reader Software
- Centrify Express For Mac Smart Card Reader
Most CACs are supported by the Smartcard Services package, however Oberthur ID One 128 v5.5 CACs are not. Third party middleware is available that will support these CACS; two such options are Thursby Software’s PKard and Centrify’s Express for Smart Card. . Enhanced smart card support for Apple Mac OS X versions 10.7 and 10.6 for the CAC, CACNG, and PIV smart cards, including the Oberthur ID One 128 v 5.5 Dual Smart Card.
Card stock you have, look at the back of your CAC above the magnetic strip. Most CACs are supported by the Smartcard Services package, however Oberthur ID One 128 v5.5 CACs are not. Third-party middleware is available that will support these CACS; two such options are Thursby Software’s PKard and Centrify’s Express for Smart Card. Uninstalling Centrify Express for Smart Card To remove Centrify Express for Smart Card follow these steps: In the Finder, navigate to /Applications/Utilities/Centrify and double click on the Smart Card Assistant application. Click the Uninstall button. Related Articles TIPS A Centrify Server Suite Cheat Sheet HOWTO: Manually install and join AD with the Centrify Express agent Cheat Sheet - DirectAudit Commands on Unix & Linux Systems Basics Understanding how Active Directory Functional Levels affect Centrified Systems How To Setup Centrify PIM for Google Compute Engine Linux VM Instances Basics Centrify Zone schemas, UNIX identity.
Centrify's DirectControl for Mac OS X enables administrators to centralize user management and smart card login within Microsoft Active Directory and to enforce desktop lockdown controls over user and Mac system configurations through Windows Group Policy. Centrify DirectControl for Mac OS X's integration with McAfee ePO software enables administrators to import computer information for heterogeneous desktop environments into McAfee ePO databases, deploy and manage Centrify's software agents onto these systems using McAfee ePO software, and view deployment coverage reports. As a result, IT security and help desk teams can now manage and secure Mac systems in the same way they manage Microsoft Windows PCs - using the same familiar Windows-based tools and processes.'We're pleased to promote Centrify to Technology Partner status,' said Ed Barry, senior director of the McAfee Security Innovation Alliance. 'By deploying our newly integrated solutions, our joint customers can reduce operational costs, achieve greater protection and improve their overall compliance.'
'Centrify is excited to be a part of the McAfee Security Innovation Alliance program and to have achieved compatibility with the McAfee ePO platform,' said Frank Cabri, vice president of marketing and business development for Centrify. 'Our joint customers will value the integration of these key McAfee and Centrify technologies, which together will help simplify deployments and reduce security risks across their Mac environment.'
About McAfee ePO Platform and McAfee Security Innovation Alliance Program
McAfee ePolicy Orchestrator is the first platform that lets enterprises and governments centrally manage security and compliance products from multiple vendors, offering unprecedented cost savings and return on investment. With more than 35,000 customers managing security and compliance on more than 60 million PCs and servers, this unique platform is helping McAfee Security Innovation Alliance partners to extend their reach and create complementary functionality. For more information on the McAfee Security Innovation Alliance and McAfee ePolicy Orchestrator platform, please visit their website.
NOTES:
Between mid October 2019 and mid February 2020 everyone in the Army was migrated to use their PIV Authentication certificate for Email access. You no longer use the Email certificate for Enterprise Email.
Mac users who choose to upgrade (or already have upgraded) to Mac OS Catalina (10.15.x) or Big Sur (11.x.x) will need to uninstall all 3rd Party CAC enablers per https://militarycac.com/macuninstall.htm AND reenable the built in smart card ability (very bottom of macuninstall link above)
If you purchased your Mac with OS Catalina (10.15.x) or Big Sur (11.x.x) already installed, you can skip the uninstall part above and follow the instructions below.
Signing of PDFs should work in Mac OS Catalina (10.15.x) and Big Sur (11.x.x) by adjusting these settings.
Mac users with Mac OS 10.14.x and newer (with 64 bit-processor) can verify if their CAC is blocked by using the Smart Card Utility app
Follow Tables 1 through 4 below:
PLEASE READ the preliminary Information before you start:
Preliminary Information 1: Restart your computer after installing the CAC enabler before trying to access the CAC enabled site
Preliminary Information 2: Installing multiple enabling programs will cause your system to NOT work. Here's how to uninstall CAC enablers.
Preliminary Information 3: The CACkey CAC enabler will ask for a 'keychain password' (like the image below). You need to enter your CAC PIN. Make sure if it asks for your Keychain password after you select your CAC certificate, that you use your CAC [6-8 digit / all number] PIN.
If you block your CAC, you'll have to visit an ID card office to get it unblocked. PKard has the capability to show you when your CAC is blocked. Mac OS 10.15.x and 10.14.x can download this app
Table 1: See which CAC enabling program will work with your version of Mac OS
Once you've decided, go to Table 2
Compatible with: | CAC Key | PKard | Mac OS Big Sur Built In | Mac OS Catalina Built In | Mac OS Mojave Built In | Mac OS High Sierra Built In | Mac OS Sierra Built In | Open SC | Smart Card Service | Activ Client for Mac | Trusted End Node Security (TENS) |
Big Sur (11) (M1 chip) | N/A | N/A | N/A | N/A | |||||||
Big Sur (11) (Intel chip) | Note6 | N/A | N/A | N/A | N/A | ||||||
Catalina (10.15.x) | N/A | Note6 | N/A | N/A | N/A | Note7 | |||||
Mojave (10.14.x) | Note3 | Note3 | N/A | N/A | Note3 | N/A | N/A | ||||
High Sierra (10.13.x) | Note3 Note5 | Note3 Note5 | N/A | N/A | N/A | Note3 | N/A | Note4 | |||
Sierra (10.12.x) | Note3 Note5 | Note2 Note5 | N/A | N/A | N/A | N/A | Note3 | ||||
El Capitan (10.11.x) | N/A | N/A | N/A | N/A | N/A | ||||||
Yosemite (10.10.x) | N/A | N/A | N/A | N/A | N/A | ||||||
Mavericks (10.9.x) | N/A | N/A | N/A | N/A | N/A | ||||||
Mountain Lion (10.8.x) | N/A | N/A | N/A | N/A | N/A | ||||||
Lion (10.7.x) | N/A | N/A | N/A | N/A | N/A | ||||||
Snow Leopard (10.6.x) | N/A | N/A | N/A | N/A | N/A | ||||||
Leopard (10.5.x) | N/A | N/A | N/A | N/A | N/A | Note1 |
Note2:Need version 1.7 (or above)
Note3: Apple computers with Mac OS Big Sur (Intel), Catalina, Mojave, High Sierra, and Sierra have a 'built in Smart Card ability,' meaning 3rd party CAC enablers are no longer needed. Please uninstall all CAC enablers you have installed
Note4: One person has informed me this works for him, but NOT when using Safari. Only using Chrome.
Note5: With Mac OS Sierra and High Sierra, you must use Google Chrome. Safari is not 'CAC compatible.' You may also update your computer to Mojave (or newer), then use Safari again.
Note6: Mac OS Catalina will not work with 3rd party CAC enablers installed. Please uninstall all CAC enablers you have installed. INFORMATION: There was an issue with 10.15.4. If this is the version you have, please update to 10.15.5 or above
Note7: I have a few reports that this enabler works with Mac OS Catalina
Table 2: Verify the CAC enabling program you selected above will work with your specific CAC.
Once you've decided, go to Table 3
Compatible with: | CAC Key | PKard | Mac OS Big Sur Built In | Mac OS Catalina Built In | Mac OS Mojave Built In | Mac OS High Sierra Built In | Mac OS Sierra Built In | Open SC | Smart Card Services | Activ Client for Mac | Trusted End Node Security (TENS) |
G+D FIPS 201 SCE 3.2 | Note1 | Note1 | Note1 | ||||||||
G+D FIPS 201 SCE 7.0 | Note1 | Note1 | Note1 | Note1 | |||||||
GEMALTO TOP DL GX 4 144 | Note1 | Note1 | Note1 | Note1 | Note1 | Note1 | |||||
GEMALTO DL GX4-A 144 | Note2 | Note1 | |||||||||
Oberthur ID One 128 v5.5 Dual | Note1 | Note1 | Note1 | Note1 | Note1 | ||||||
Oberthur ID One 128 v5.5a D | Note1 |
Note1: I haven't heard of anyone with this CAC and specific enabler. If you have one and have successfully used your CAC with the question marked enabler above, please contact me
Note2: Will not work with Mac OS 10.15.7, works with previous versions
Table 3: Verify the CAC enabling program you selected in tables 1 & 2 is:
a. Compatible with Firefox (if you plan to use this web browser),
b. Will read your PIV Authentication certificate,
c. Will allow you to digitally sign PDFs,
d. Can show you when your CAC is blocked,
e. You want support from the vendor, or
f. You want it for free, or pay for it
Once you've decided, go to Table 4
and click the link to the CAC enabler you decided to use.
Compatible with: | CACKey | PKard | Mac OS Big Sur Built In | Mac OS Catalina Built In | Mac OS Mojave Built In | Mac OS High Sierra Built In | Mac OS Sierra Built In | Open SC | Smart Card Services | Activ Client for Mac | Trusted End Node Security (TENS) |
Firefox web browser | |||||||||||
Reads PIV Authentication certificate | Note1 | Note1 | Note1 | Note1 | |||||||
Will allow you to digitally sign PDFs | Note2 | Note2 | Note2 | Note2 | Note2 | ||||||
Can show when CAC is blocked | Note3 | Note3 | Note3 | ||||||||
Vendor provides support | help | help | |||||||||
Costs Money |
Note1: PIV cert has to already be exposed
Note2: Signing of PDFs on Mac OS Catalina (10.15.x), Mojave (10.14.x), High Sierra (10.13.x), & Sierra (10.12.x) can be corrected by following these settings. Some others have installed OpenSC and claim it works.
Note3: You can see if your CAC is blocked by downloading this app (https://apps.apple.com/us/app/smart-card-utility/id1444710309?mt=12) Mac OS native does not have this capability built in.
Table 4: Click link below for the CAC enabler you decided to use based on the criteria in tables 1-3 above
Centrify Express For Mac Smart Card Services
DO NOT INSTALL a CAC Enabler in Big Sur (11.0), Catalina (10.15.x), Mojave (10.14.x), High Sierra (10.13.x), or Sierra (10.12.x) as they all have a built in Smart Card ability.
CAC Enabler |
CACKey |
PKard from Thursby |
OpenSC You must remove all 3rd party enablers prior to installing |
Keychain-PKCS11 |
Smart Card Services |
ActivClient for Mac sold only by: SCB Solutions |
Trusted End Node Security (TENS) formerly LPS |
Navy users:
If you still have problems, here is a helpful Navy specific page
Specifics for the following versions of Mac OS can be found at these links:
Big Sur (M1) Coming Soon | (11.0) |
Big Sur (Intel) | (11.0) |
Catalina | (10.15.x) |
Mojave | (10.14.x) |
High Sierra | (10.13.x) |
Sierra | (10.12.x) |
El Capitan | (10.11.x) |
Yosemite | (10.10.x) |
Mavericks | (10.9.x) |
Mountain Lion | (10.8.x) |
Lion | (10.7.x) |
Snow Leopard | (10.6.x) |
Leopard | (10.5.x) |
The six (6) current CAC Types are...
Look at the back of your ID card (above the black strip) for one of the examples below. If you have any other version, you need to visit an ID card office and have it replaced. All CACs other than these shown below were to be replaced prior to 1 October 2012.
Find out how to flip card over video
Information / download links
Supports Mac OS High Sierra (10.13.x) and Mojave (10.14.x) NOT Catalina (10.15.x)
Purchase PKard from Thursby Software
Centrify Express For Mac Smart Card Pairing
PKard demo (click Videos tab)
Thursby offers US phone, email, and forums support for the software they've been developing for over 10 years and is 100% made in the USA
If you have Centrify Express installed, you can see / verify if your CAC is blocked.
Select Go > Utilities > Centrify
Double click: Smart Card Assistant
Look under status for: Card is locked
NOTE: If Card status is blank, the card is not blocked
Centrify Express For Mac Smart Card Reader Software
If you are still having problems, contact us.
If you have questions or suggestions for this site, contact Michael J. Danberry
Centrify Express For Mac Smart Card Reader
Are you interested in subscribing to the CACNews email lists?