Smart Policy

Painless smart card integration with Active Directory — no extra PKI to manage.

Overview

Integrating existing smart cards — CAC, EID, NHS, CPS, and more — into an Active Directory forest is notoriously complex. Even experienced specialists face repeated configuration attempts, with cryptic errors like "The system could not log you on" or "The smart card certificate used for authentication was not trusted."

Smart Policy eliminates this pain — it automates the discovery, compliance check, and binding of certificates to AD accounts.

  • Select a source
  • Select certificate & mapping
  • Verify CRL
  • Configure CRL
  • Choose a GPO

How it works

Since Smart Policy integrates existing smart cards directly into Active Directory, there is no additional PKI to deploy, no tokens to purchase — making it a nearly free second-factor authentication for large environments.

Smart Policy follows a 3-stage process:

1. Acquisition

The end user submits their certificate via the web collector or the desktop client.

2. Compliance check

A Security Officer reviews the certificate — verifying the issuing CA and that the identity matches the IAM system.

3. Configuration

An operator (or an automated system like FIM) binds the certificate to the user's Active Directory account.

Requirements
Operating system
  • Windows Vista / Server 2008 or later — to run the Configuration Wizard
  • Windows 2000 or later — for UPN mapping (CAC smart cards)
  • Windows Vista / Server 2008 or later — for Explicit mapping (EID smart cards)

Smart Policy supports two certificate-to-account mapping techniques: UPN mapping (modifies the account UPN when the certificate includes a UPN) and Explicit mapping (adds the certificate subject to the AltSecurityIdentities attribute).
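
An added example (not part of the original page and not Smart Policy's own code) of the two mapping techniques: it picks UPN mapping when the certificate carries a UPN and otherwise builds an explicit-mapping value in the standard Windows `X509:<I>issuer<S>subject` form. The input dictionary shape, the function names and the sample certificates are assumptions constructed for illustration; the page does not state the exact string Smart Policy writes.

```python
# Constructed sample data; no real certificate or directory is touched.

def split_rdns(dn: str) -> list[str]:
    """Split an RFC 4514 DN string on commas, honouring backslash escapes."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep escaped char, e.g. "\,"
            cur += dn[i:i + 2]
            i += 2
        elif dn[i] == ",":
            parts.append(cur.lstrip())
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur.lstrip())
    return [p for p in parts if p]

def to_ad_order(dn: str) -> str:
    """RFC 4514 strings are leaf-first; Microsoft's documented
    altSecurityIdentities examples are root-first, so reverse the RDNs."""
    return ",".join(reversed(split_rdns(dn)))

def choose_mapping(cert: dict) -> dict:
    """cert holds 'subject', 'issuer' and an optional 'upn', already extracted
    from the certificate (hypothetical input shape for this example)."""
    if cert.get("upn"):
        return {"technique": "UPN mapping",
                "attribute": "userPrincipalName",
                "value": cert["upn"]}
    value = "X509:<I>{}<S>{}".format(to_ad_order(cert["issuer"]),
                                     to_ad_order(cert["subject"]))
    return {"technique": "Explicit mapping",
            "attribute": "altSecurityIdentities",
            "value": value}

# Constructed examples: one card with a UPN in the certificate, one without.
CARD_WITH_UPN = {"subject": "CN=DOE.JOHN.1234567890,OU=Example,C=US",
                 "issuer": "CN=Example ID CA,O=Example,C=US",
                 "upn": "1234567890@example.test"}
CARD_WITHOUT_UPN = {"subject": "CN=Doe\\, Jane,OU=Citizens,C=BE",
                    "issuer": "CN=Example Citizen CA,O=Example,C=BE"}

if __name__ == "__main__":
    for card in (CARD_WITH_UPN, CARD_WITHOUT_UPN):
        print(choose_mapping(card))
```

Microsoft's KB5014754 hardening classifies issuer/subject mappings as weak, so verify how your domain controllers' enforcement mode treats them before relying on this form.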

Required components
  • Active Directory Certificate Services

ADCS is required to provision certificates to domain controllers using the "Domain Controller Authentication" template.
