Certificate-Based Authentication is disabled by default on macOS. To enable this feature, modify the HYPR Workforce Client application configuration as follows:
- Open the
- Save changes
- Restart the computer to apply changes
If you're using ADCS to manage computers in the domain, you'll also need to create the Authentication Certificate Template. For more information, see Custom Certificate Templates.
HYPR Mobile App login is done using the emulated Smartcard. By default, when a user enters their password to decrypt the FileVault disk at boot, the password will be passed through, and a smart card will not be used for login, even if you configure it to be required.
To change this so that the user will not automatically be logged in and will be shown the login screen, run the command below in Terminal:
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
When you have this enabled, users will be required to authenticate with HYPR after unlocking the FileVault with the password.
Updated 4 months ago