Smart Card MDM payload settings for Apple devices
You can configure Smart Card settings for Mac computers enrolled in a mobile device management (MDM) solution. Use the Smart Card payload to manage specific settings for Smart Cards. User overrides aren’t permitted.
The Smart Card payload supports the following. For more information, see Payload information.
Supported payload identifier: com.apple.security.smartcard
Supported operating systems and channels: macOS device.
Supported enrolment methods: Device Enrolment, Automated Device Enrolment.
Duplicates allowed: False — only one Smart Card payload can be delivered to a device.
You can use the settings in the table below with the Smart Card payload.
Setting | Description | Required | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Smart Card use | Specify whether users can use a smart card for logins, authorisations and screen saver unlocking. Smart cards can still be used for signing mail messages, web access and other services. The Mac must be restarted for this change to take effect. | No | |||||||||
User pairing | Specify whether users can For more information, see any new pairing dialogues. Existing pairings still work. | No | |||||||||
Restrict one smart card per user | Specify whether users can pair with only one smart card. Existing pairings for that user still work. | No | |||||||||
Enable screen saver | When a smart card is removed, the screen saver is automatically turned on. | No | |||||||||
Check the certificate trust | Configure one of these options:
| No |
Note: Each MDM vendor implements these settings differently. To learn how Smart Card settings are applied to your devices, consult your MDM vendor’s documentation.