Smart Card

Template

This payload controls restrictions and settings for SmartCard pairing on macOS v10.12.4 and later.

Summary

PayloadType:com.apple.smartcard
Supervised Only:
 N/A
macOS:10.12.4
macOS Deprecated:
 N/A
iOS:N/A
iOS Deprecated:N/A
Highlander:N/A

Keys

UserPairing

Enable user pairing dialog

Optional. If false, users will not get the pairing dialog, although existing pairings will still work. Default is true.

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

allowSmartCard

Allow SmartCard Unlock

Optional. If false, the SmartCard is disabled for logins, authorizations, and screensaver unlocking. It is still allowed for other functions, such as signing emails and web access. A restart is required for a change of setting to take effect. Default is true.

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

checkCertificateTrust

Verify certificate trust

Optional. If true, certificates on the card must be valid in these ways: its issuer is system-trusted, the certificate is not expired, its “valid-after” date is in the past, and it passes CRL and OCSP checking. User overrides are not allowed. Usually this key is set to true for SmartCard use in corporate environments. Default is false.

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A

oneCardPerUser

User can only pair with one card

Optional. If true, a user can pair with only one smart card, although existing pairings will be allowed if already set up. Default is false.

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A