How to issue an AD Windows certificate to a secure ID card with SMS validation

Reading Time: 2 minutes

Getting an AD Windows certificate (Active Directory certificate) on a smart card is an essential step to go passwordless and get a nameless login. This process can be done on a complete administrative level or – even better – it can be done by the end user on a self-service basis. The Liga GlobalID self-service application enables the end user to issue the certificate to the card and verifies the issuing process with an SMS to the user’s phone.

In tis video we will show you how to issue an AD Windows certificate to a smart card with SMS validation:

The admin gets the ball rolling

Susanne, our end user in this use case, is a new employee at the Technical University that needs access to the IT system. The admin starts this process by going to the Liga GlobalID Admin Portal. In this case, it’s a straightforward, smart card order. However, there are additional various options for configuring integration to door systems, smart card systems, and even the canteen system.

The admin orders a certificate with validation via a SMS message sent to Susanne’s phone. Immediately we see the order is success, which means that the system has now picked up the order and is ready for the next process.

She is waiting on PINs and needles

It’s now Susanne’s turn. Susanne will go to her PC, put the card into the machine, and login as the user to the self-service application. There it is. It took just a few seconds. The client updated itself and now shows the user that there is one new order waiting.

After clicking activate, she is prompted to choose a PIN code for her new secure token. This PIN code is something she has to pick herself which means that no one in the world beyond her is aware of this code. She then receives a text message to verify her user’s identity.  After adding her one-time code, she clicks next, and waits a few seconds. Success. The card has now been issued; the token is ready for use.

Once she logs out, there are two options. She can sign-in with username and password – just like where she began. But now she has the option of choosing the certificate and can just enter her PIN code in order to log into the Windows machine as Susanne.

Learn more about Liga GlobalID >

Make it easy for the help desk

If we go back to the administrative system, we can see that Susanne now has a valid certificate and a smart card. By clicking on the smart card, we can see that the certificate is on the specific card. If she loses this card, she only has to call the help desk and they will be able to revoke the card and block access. Card cancellation is also a service that Susanne can do herself in the self-service portal, either via our browser access or via the client on the Windows computer.

Who would have thought that going passwordless could be so simple?


Identity is the new perimeter. Address the most urgent cyber security issue with our GlobalID Platform for securing your users.

Want to see it live?

Let us show you how GlobalID actually works! Fill in your details and we’ll get back to you to find a date for an online demo that fits your calendar.