Issue a token or smartcard to a security officer

When SafeGuard Enterprise is installed for the first time, the first security officer (SO) can issue a token for themselves and specify the logon mode. For all other security officers, tokens are issued in the SafeGuard Management Center.
  • The token must be initialized and the relevant PKCS#11 module must be activated.
  • You need the rights to make entries for the SO.
  1. In the SafeGuard Management Center, click Security Officers.
  2. Connect the token to the USB interface. SafeGuard Enterprise reads in the token.
  3. In the navigation window on the left, mark Security Officer and select New > New security officer from the context menu.

    The New security officer dialog is displayed.

  4. With the Token logon field, specify the type of logon for the SO:
    • To enable the SO to authenticate either with or without a token, select Optional.

    • To make token logon mandatory for the SO, select Mandatory.

      With this setting, the private key remains on the token. The token must always be plugged in, or the system will need to be restarted.

  5. Next you specify the SO certificate.
    • To create a new certificate, click the Create button next to the Certificate drop-down list.

      Enter the password for the certificate twice and click OK to confirm it.

      Specify the location for saving the certificate.

    • To import certificates, click the Import next to the Certificate drop-down list and open the relevant certificate file.

      Searching is first done in a certificate file, then on the token. The certificates may remain in whatever the storage location is.

  6. Under Roles, activate the roles that are to be assigned to the SO.
  7. Confirm the entries with OK.

The SO is created, the token is issued, the logon data is written on the token (depending on the setting), and the token information is saved in the SafeGuard Enterprise Database. You can display the data in the Token area in the Token Information tab.