Hi Spiceworks community,
We are looking at using the YubiKey 4 device as a smart card in order to meet 2FA requirements in our company.
Also, we have several third-party apps that are AD integrated using username/password for login.
My question is if we force a smart card interactive logon (which uses PIN), could we continue to use the AD password for the third-party apps?
Is there another way to accomplish this or do all the apps have to be integrated with the smart card?
4 Spice ups
I believe I’ve answered my question. I will share here in case anyone elses has this issue.
When you check the Force SmartCard Interactive Logon box in the user attributes window, the system generates a 255-byte password.
You can then reset user password and change it back to the original user AD password (or new one) and be able to use that for your AD integrated apps.
You will still use the PIN at the Windows Logon UI.
furicle
(furicle)
3
Just wondering if that will cause you issues when the default policy won’t let them re-use old passwords?
