- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Setup Samples
- Storing Robot Credentials in CyberArk
- Setting up Attended Robots
- Setting up Unattended Robots
- Storing Unattended Robot Passwords in Azure Key Vault (read-only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read-only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- SmartCard Authentication
- Audit
- Resource Catalog Service
- Folders Context
- Automations
- Processes
- Jobs
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Other Configurations
- Integrations
- Classic Robots
- Host administration
- Organization administration
- Troubleshooting
Orchestrator User Guide
SmartCard Authentication
SmartCard (Common Access Cards or Personal Identity Verification Cards) authentication is a secure way to authenticate unattended Robots, in addition to basic authentication credentials. A SmartCard has a unique PIN. Multiple users can be registered to a card, in which case all users have the same PIN. A user can also be registered to multiple cards, in which case multiple PINs are used for the same user.
Both virtual and physical cards can be used for authentication, as long as they are part of a single Active Directory domain. The corresponding user must belong to the same domain. Virtual card authentication is only possible on Windows 8.1 and above.
It is highly recommended to consult your company’s password policy before using the SmartCard authentication method. Credentials for a Robot that authenticates with a SmartCard may be stored in either the SQL Server or CyberArk. Find out more about storing Robot credentials in CyberArk here.
To enable SmartCard authentication, select Smart Card when configuring the credential type at the user level. This option is only available if the Features.SmartCardAuthentication.Enabled parameter is set to True.