Management Console: Configuring Common Access Card Authentication

ProfileUnity with FlexApp provides support for using Common Access Card (CAC) authentication when logging in to the ProfileUnity Management Console. CAC authentication provides a higher level of security by requiring a two-factor authentication process involving a smart card and a PIN.

ProfileUnity’s CAC Secure Mode is compatible with Microsoft Windows Server 2016, 2019, and 2022. The server should already have the CAC software installed and working.

To configure CAC Secure Mode, complete the following steps:

  1. Install the ProfileUnity Management Console on Windows Server if not previously done.
  2. Log in to the ProfileUnity Management Console.
  3. Hover over your username in the top right corner of the screen.
  4. In the drop-down menu that appears, click Administration.
  5. The Administration screen opens with the Settings tab displayed.
  6. Click the Users And Roles tab in the top right corner of the screen.
  7. In the User Management field, click the name of a user that is linked to Active Directory. If one does not already exist, click the Add User button and create one.
  8. In the Role Management field, enter the Active Directory username and password to serve as the Service Account for Deployment.
  9. Click the Add/Update button.
  10. In the top right corner of the Administration screen, click the Settings tab.
  11. Scroll down to the Miscellaneous section.
  12. Select the Enable CAC Secure Mode checkbox.
  13. Click the Select Certificate Authorities from Local Machine Root field, then pick one or more certificate authorities to use from the drop-down list that appears.
  14. Select the Enable CAC Certificate Revocation List Cache checkbox.
  15. Select the Enable Secure Banner Text checkbox.
  16. Review the Secure Banner Text and the Secure Login Banner Text and make any necessary edits.
  17. Click the Update button in the top right corner of the screen.
  18. Restart the ProfileUnity service.
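
Step 13 selects from the Local Machine Root store, so it is worth confirming beforehand that the roots that issue your CAC certificates are present there and still valid. The following PowerShell pre-check is an added example, not part of ProfileUnity or the vendor's documentation; the `$SubjectPattern` and `$WarnDays` parameters are assumptions to adjust for your environment.

```powershell
# Added example: pre-check for the certificate authority selection in step 13.
# Lists certificates in the Local Machine Root store with their validity status.
# $SubjectPattern is an assumed placeholder; narrow it to match your CAC roots.
param(
    [string]$SubjectPattern = '*',
    [int]$WarnDays = 90
)

$now = Get-Date
$roots = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like $SubjectPattern }

if (-not $roots) {
    Write-Warning "No certificates in LocalMachine\Root match '$SubjectPattern'."
    return
}

$roots | ForEach-Object {
    # Classify each certificate by its validity window.
    $status = if ($_.NotAfter -lt $now) {
        'EXPIRED'
    } elseif ($_.NotBefore -gt $now) {
        'NOT YET VALID'
    } elseif ($_.NotAfter -lt $now.AddDays($WarnDays)) {
        'EXPIRING SOON'
    } else {
        'OK'
    }
    [pscustomobject]@{
        Status     = $status
        # A root certificate is self-signed; anything else in this store
        # is an intermediate that was imported into the wrong place.
        SelfSigned = ($_.Subject -eq $_.Issuer)
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        NotAfter   = $_.NotAfter
    }
} | Sort-Object Status, NotAfter | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session on the server that hosts the Management Console.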

Troubleshooting Steps

If you see a 403 Forbidden error message, you are not authenticated with a CAC card. To resolve this issue, complete the following steps:

  1. Close the current browser and reopen it.
  2. Connect to the ProfileUnity console URL.
  3. Select the appropriate certificate.
  4. Enter the PIN when prompted.

If these steps fail, you might need to disable CAC authentication. To turn off CAC mode in the user interface, stop the ProfileUnity Console service, and then run the following command in an Administrator Command Prompt:

"C:\Program Files (x86)\Liquidware Labs\ProfileUnity\profileunity.host.exe" /govmode:false

If the command executes correctly, the following code should appear: