Smart Card¶
Template
This payload controls restrictions and settings for SmartCard pairing on macOS v10.12.4 and later.
Contents
Summary¶
| PayloadType: | com.apple.smartcard |
|---|---|
| Supervised Only: | |
| N/A | |
| macOS: | 10.12.4 |
| macOS Deprecated: | |
| N/A | |
| iOS: | N/A |
| iOS Deprecated: | N/A |
| Highlander: | N/A |
Keys¶
UserPairing¶
Enable user pairing dialog
Optional. If false, users will not get the pairing dialog, although existing pairings will still work. Default is true.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
allowSmartCard¶
Allow SmartCard Unlock
Optional. If false, the SmartCard is disabled for logins, authorizations, and screensaver unlocking. It is still allowed for other functions, such as signing emails and web access. A restart is required for a change of setting to take effect. Default is true.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
checkCertificateTrust¶
Verify certificate trust
Optional. If true, certificates on the card must be valid in these ways: its issuer is system-trusted, the certificate is not expired, its “valid-after” date is in the past, and it passes CRL and OCSP checking. User overrides are not allowed. Usually this key is set to true for SmartCard use in corporate environments. Default is false.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | False | N/A | N/A | N/A | N/A | N/A |
oneCardPerUser¶
User can only pair with one card
Optional. If true, a user can pair with only one smart card, although existing pairings will be allowed if already set up. Default is false.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | False | N/A | N/A | N/A | N/A | N/A |