Centrify Express For Mac Smart Card

  1. Centrify Express For Mac Smart Card Services
  2. Centrify Express For Mac Smart Card Pairing
  3. Centrify Express For Mac Smart Card Reader Software
  4. Centrify Express For Mac Smart Card Reader
[prMac.com] Sunnyvale, California - Centrify Corporation, the leading provider of Microsoft Active Directory-based identity and access management and auditing solutions for non-Microsoft platforms, today announced that Centrify DirectControl(R) for Mac OS X has achieved McAfee Compatible status under the McAfee(R) Security Innovation Alliance(TM) partner program. As part of this program, Centrify has integrated its Centrify DirectControl for Mac OS X with McAfee ePolicy Orchestrator(R) (McAfee ePO(TM)) software to help enterprises better manage their computing assets and improve their compliance with regulations.

Most CACs are supported by the Smartcard Services package, however Oberthur ID One 128 v5.5 CACs are not. Third party middleware is available that will support these CACS; two such options are Thursby Software’s PKard and Centrify’s Express for Smart Card. . Enhanced smart card support for Apple Mac OS X versions 10.7 and 10.6 for the CAC, CACNG, and PIV smart cards, including the Oberthur ID One 128 v 5.5 Dual Smart Card.


Card stock you have, look at the back of your CAC above the magnetic strip. Most CACs are supported by the Smartcard Services package, however Oberthur ID One 128 v5.5 CACs are not. Third-party middleware is available that will support these CACS; two such options are Thursby Software’s PKard and Centrify’s Express for Smart Card. Uninstalling Centrify Express for Smart Card To remove Centrify Express for Smart Card follow these steps: In the Finder, navigate to /Applications/Utilities/Centrify and double click on the Smart Card Assistant application. Click the Uninstall button. Related Articles TIPS A Centrify Server Suite Cheat Sheet HOWTO: Manually install and join AD with the Centrify Express agent Cheat Sheet - DirectAudit Commands on Unix & Linux Systems Basics Understanding how Active Directory Functional Levels affect Centrified Systems How To Setup Centrify PIM for Google Compute Engine Linux VM Instances Basics Centrify Zone schemas, UNIX identity.

Centrify's DirectControl for Mac OS X enables administrators to centralize user management and smart card login within Microsoft Active Directory and to enforce desktop lockdown controls over user and Mac system configurations through Windows Group Policy. Centrify DirectControl for Mac OS X's integration with McAfee ePO software enables administrators to import computer information for heterogeneous desktop environments into McAfee ePO databases, deploy and manage Centrify's software agents onto these systems using McAfee ePO software, and view deployment coverage reports. As a result, IT security and help desk teams can now manage and secure Mac systems in the same way they manage Microsoft Windows PCs - using the same familiar Windows-based tools and processes.
'We're pleased to promote Centrify to Technology Partner status,' said Ed Barry, senior director of the McAfee Security Innovation Alliance. 'By deploying our newly integrated solutions, our joint customers can reduce operational costs, achieve greater protection and improve their overall compliance.'
'Centrify is excited to be a part of the McAfee Security Innovation Alliance program and to have achieved compatibility with the McAfee ePO platform,' said Frank Cabri, vice president of marketing and business development for Centrify. 'Our joint customers will value the integration of these key McAfee and Centrify technologies, which together will help simplify deployments and reduce security risks across their Mac environment.'
About McAfee ePO Platform and McAfee Security Innovation Alliance Program
McAfee ePolicy Orchestrator is the first platform that lets enterprises and governments centrally manage security and compliance products from multiple vendors, offering unprecedented cost savings and return on investment. With more than 35,000 customers managing security and compliance on more than 60 million PCs and servers, this unique platform is helping McAfee Security Innovation Alliance partners to extend their reach and create complementary functionality. For more information on the McAfee Security Innovation Alliance and McAfee ePolicy Orchestrator platform, please visit their website.

NOTES:

Between mid October 2019 and mid February 2020 everyone in the Army was migrated to use their PIV Authentication certificate for Email access. You no longer use the Email certificate for Enterprise Email.

Mac users who choose to upgrade (or already have upgraded) to Mac OS Catalina (10.15.x) or Big Sur (11.x.x) will need to uninstall all 3rd Party CAC enablers per https://militarycac.com/macuninstall.htm AND reenable the built in smart card ability (very bottom of macuninstall link above)

If you purchased your Mac with OS Catalina (10.15.x) or Big Sur (11.x.x) already installed, you can skip the uninstall part above and follow the instructions below.

Signing of PDFs should work in Mac OS Catalina (10.15.x) and Big Sur (11.x.x) by adjusting these settings.

Mac users with Mac OS 10.14.x and newer (with 64 bit-processor) can verify if their CAC is blocked by using the Smart Card Utility app https://apps.apple.com/us/app/smart-card-utility/id1444710309?mt=12

Follow Tables 1 through 4 below:

PLEASE READ the preliminary Information before you start:

Preliminary Information 1: Restart your computer after installing the CAC enabler before trying to access the CAC enabled site

Preliminary Information 2: Installing multiple enabling programs will cause your system to NOT work. Here's how to uninstall CAC enablers.

Preliminary Information 3: The CACkey CAC enabler will ask for a 'keychain password' (like the image below). You need to enter your CAC PIN. Make sure if it asks for your Keychain password after you select your CAC certificate, that you use your CAC [6-8 digit / all number] PIN.

If you block your CAC, you'll have to visit an ID card office to get it unblocked. PKard has the capability to show you when your CAC is blocked. Mac OS 10.15.x and 10.14.x can download this app to verify if their card is blocked: https://apps.apple.com/us/app/smart-card-utility/id1444710309?mt=12

Table 1: See which CAC enabling program will work with your version of Mac OS

Once you've decided, go to Table 2

Compatible with:CAC
Key
PKardMac OS
Big Sur
Built In
Mac OS Catalina
Built In
Mac
OS Mojave
Built In
Mac OS High Sierra
Built
In
Mac OS Sierra
Built
In
Open
SC
Smart Card ServiceActiv
Client for Mac
Trusted End
Node Security (TENS)
Big Sur (11) (M1 chip) N/A N/A N/A N/A
Big Sur (11) (Intel chip)
Note6
N/A N/A N/A N/A
Catalina
(10.15.x)
N/A
Note6
N/A N/A N/A

Note7
Mojave (10.14.x)
Note3

Note3
N/A N/A
Note3
N/A N/A
High Sierra (10.13.x)
Note3
Note5

Note3
Note5
N/A N/A N/A

Note3
N/A
Note4
Sierra (10.12.x)
Note3
Note5

Note2
Note5
N/A N/A N/A N/A
Note3
El Capitan (10.11.x) N/A N/A N/A N/A N/A
Yosemite (10.10.x) N/A N/A N/A N/A N/A
Mavericks (10.9.x) N/A N/A N/A N/A N/A
Mountain Lion (10.8.x) N/A N/A N/A N/A N/A
Lion (10.7.x) N/A N/A N/A N/A N/A
Snow Leopard (10.6.x) N/A N/A N/A N/A N/A
Leopard (10.5.x) N/A N/A N/A N/A N/A

Note1
Note1: Computer must have an Intel processor, will not work with a PPC processor

Note2:Need version 1.7 (or above)

Note3: Apple computers with Mac OS Big Sur (Intel), Catalina, Mojave, High Sierra, and Sierra have a 'built in Smart Card ability,' meaning 3rd party CAC enablers are no longer needed. Please uninstall all CAC enablers you have installed

Note4: One person has informed me this works for him, but NOT when using Safari. Only using Chrome.

Note5: With Mac OS Sierra and High Sierra, you must use Google Chrome. Safari is not 'CAC compatible.' You may also update your computer to Mojave (or newer), then use Safari again.

Note6: Mac OS Catalina will not work with 3rd party CAC enablers installed. Please uninstall all CAC enablers you have installed. INFORMATION: There was an issue with 10.15.4. If this is the version you have, please update to 10.15.5 or above

Note7: I have a few reports that this enabler works with Mac OS Catalina

Table 2: Verify the CAC enabling program you selected above will work with your specific CAC.

Once you've decided, go to Table 3

Centrify Express For Mac Smart Card
Compatible with:CAC
Key
PKardMac OS
Big Sur
Built In
Mac OS Catalina Built InMac OS Mojave Built InMac OS High Sierra Built InMac OS Sierra Built InOpen
SC
Smart Card ServicesActiv
Client for Mac
Trusted End
Node Security (TENS)
G+D FIPS 201 SCE 3.2
Note1

Note1

Note1
G+D FIPS 201 SCE 7.0
Note1

Note1

Note1

Note1
GEMALTO TOP DL GX 4 144
Note1

Note1

Note1

Note1

Note1

Note1
GEMALTO DL GX4-A 144
Note2

Note1

Oberthur ID One 128 v5.5 Dual
Note1

Note1

Note1

Note1

Note1

Oberthur ID One 128 v5.5a D
Note1

Note1: I haven't heard of anyone with this CAC and specific enabler. If you have one and have successfully used your CAC with the question marked enabler above, please contact me

Note2: Will not work with Mac OS 10.15.7, works with previous versions

Table 3: Verify the CAC enabling program you selected in tables 1 & 2 is:

a. Compatible with Firefox (if you plan to use this web browser),

b. Will read your PIV Authentication certificate,

c. Will allow you to digitally sign PDFs,

d. Can show you when your CAC is blocked,

e. You want support from the vendor, or

f. You want it for free, or pay for it

Once you've decided, go to Table 4

and click the link to the CAC enabler you decided to use.

Compatible with:CACKeyPKardMac OS
Big Sur
Built In
Mac OS Catalina Built InMac OS Mojave Built InMac OS High Sierra Built In Mac OS Sierra Built InOpen
SC
Smart Card ServicesActiv
Client for Mac
Trusted End Node Security (TENS)
Firefox web browser
Reads PIV Authentication
certificate

Note1

Note1

Note1

Note1
Will allow you to digitally sign PDFs
Note2

Note2

Note2

Note2

Note2
Can show when CAC is blocked
Note3

Note3

Note3
Vendor provides support
help

help
Costs Money

Note1: PIV cert has to already be exposed

Note2: Signing of PDFs on Mac OS Catalina (10.15.x), Mojave (10.14.x), High Sierra (10.13.x), & Sierra (10.12.x) can be corrected by following these settings. Some others have installed OpenSC and claim it works.

Note3: You can see if your CAC is blocked by downloading this app (https://apps.apple.com/us/app/smart-card-utility/id1444710309?mt=12) Mac OS native does not have this capability built in. Please know, it ONLY works for Mac OS 10.14.x and 10.15.x Macs running a 64-bit Intel processor. It did NOT work on my Intel or M1 Mac OS 11.xx.x. IF it shows your card reader name as (LOCKED), you will have to visit an ID card office to get your card unblocked. https://www.dmdc.osd.mil/rsl will help you find the nearest one to your location.

Table 4: Click link below for the CAC enabler you decided to use based on the criteria in tables 1-3 above

Centrify Express For Mac Smart Card Services

DO NOT INSTALL a CAC Enabler in Big Sur (11.0), Catalina (10.15.x), Mojave (10.14.x), High Sierra (10.13.x), or Sierra (10.12.x) as they all have a built in Smart Card ability.

CAC Enabler
CACKey
PKard from Thursby
OpenSC You must remove all 3rd party enablers prior to installing
Keychain-PKCS11
Smart Card Services
ActivClient for Mac sold only by: SCB Solutions
Trusted End Node Security (TENS) formerly LPS

Navy users:

If you still have problems, here is a helpful Navy specific page

Specifics for the following versions of Mac OS can be found at these links:

Big Sur (M1)
Coming Soon
(11.0)
Big Sur (Intel)(11.0)
Catalina(10.15.x)
Mojave(10.14.x)
High Sierra(10.13.x)
Sierra(10.12.x)
El Capitan(10.11.x)
Yosemite(10.10.x)
Mavericks(10.9.x)
Mountain Lion(10.8.x)
Lion(10.7.x)
Snow Leopard(10.6.x)
Leopard(10.5.x)

The six (6) current CAC Types are...

Look at the back of your ID card (above the black strip) for one of the examples below. If you have any other version, you need to visit an ID card office and have it replaced. All CACs other than these shown below were to be replaced prior to 1 October 2012.

Find out how to flip card over video

Information / download links

Supports Mac OS High Sierra (10.13.x) and Mojave (10.14.x) NOT Catalina (10.15.x)

Purchase PKard from Thursby Software

Centrify Express For Mac Smart Card Pairing

PKard demo (click Videos tab)

Thursby offers US phone, email, and forums support for the software they've been developing for over 10 years and is 100% made in the USA

If you have Centrify Express installed, you can see / verify if your CAC is blocked.

Select Go > Utilities > Centrify

Double click: Smart Card Assistant

Look under status for: Card is locked

NOTE: If Card status is blank, the card is not blocked

Centrify Express For Mac Smart Card Reader Software

If you are still having problems, contact us.

If you have questions or suggestions for this site, contact Michael J. Danberry

Centrify Express For Mac Smart Card Reader

Are you interested in subscribing to the CACNews email lists?