PIV Login for Macs

As of November 1, 2015, all Mac users at NIH are required to log in with a smart card.

 

What is PIV Login for Macs?

PIV Login for Macs is an ongoing initiative to implement the federally mandated smart card login requirement on Apple Macintosh computers at NIH. Once the initiative is complete, Mac users will be required to log into their computers using a HHS ID smart card, such as a Personal Identity Verification (PIV) card, Restricted Local Access (RLA) badge, or an Alternate Logon Token (ALT card).

Smart card login will be enacted through a custom-developed software plugin (NIHAuthPlugin). The process for installing the plugin will be conducted in a staggered manner by IC Smart card login will be enacted through a custom-developed software plugin (NIHAuthPlugin). The process for installing the plugin will be conducted in a staggered manner by IC. Smart card login is already required for Windows computers at NIH.

For information on policy requirements for PIV Login view Smart Card Policies.

 

How to Log Into a Mac With a Smart Card

For instructions on logging into a Mac with a smart card view How to log into your Mac with your PIV Card.

 

Impact on FileVault and Keychain Passwords

Once PIV login for Macs is enabled, it will impact the passwords for the Mac applications FileVault and Keychain. The following sections describe the impact and provide links to additional instructions.

FileVault Password Update if you change your NIH password while your computer is NOT connected to the NIH network, FileVault will continue to use your old password until it is updated. For instructions on updating your FileVault password, view How to Update the FileVault Password.

Note: If you become locked out of FileVault, contact your IC’s local IT support group for assistance.

Keychain Password Update the first time you log into your Mac using a PIV, you will be prompted to update your Keychain password. Update the Keychain password using the PIN associated with your PIV. For instructions, view Update Your Keychain Password.

Note: Mac users should always log into their computers using a PIV and PIN. PIV login provides better security and avoids having to reset the Keychain password repeatedly.

Additionally, if you log into your Mac differently than the previous login β€” For example: using your NIH username and password to login after previously using your PIV card β€” a dialog box will appear indicating the system was unable to unlock your login Keychain. The dialog box will also provide options for updating the login Keychain. For information about updating the login Keychain, view How to update your Keychain Password during login or How to update or re-create Mac OS Keychain password.

Note: For assistance updating the Keychain login on your Mac, contact the NIH IT Service Desk for help. Once PIV login is enforced (and users can only log in with their PIV cards), this Keychain unlock issue will no longer occur.

 

Information and Assistance

See the PIV Mac Frequently Asked Questions (FAQ)

For additional information, search the NIH IT Knowledge Base for tutorials, instruction sheets and user guides or refer to the appropriate How-To Guide.

For questions or user support, please contact the NIH IT Service Desk.

What's New