---
title: SmartCard
framework: devicemanagement
role: symbol
role_heading: Device Management Profile
path: devicemanagement/smartcard
---

# SmartCard

The payload that configures a smart card.

## Declaration

```data
object SmartCard
```

## Properties

allowSmartCard: If false, the system disables smart cards for logins, authorizations, and screen saver unlocking. It is still allowed for other functions, such as signing emails and accessing the web. A restart is required for a setting change to take effect. checkCertificateTrust: Configures the certificate trust check and has one of the following possible values: 0: Turns off certificate trust check. 1: Turns on certificate trust check. A standard validity check is performed but doesn’t include additional revocation checks. 2: Turns on certificate trust check. A soft revocation check is also performed. Until the certificate is explicitly rejected by CRL/OCSP, it’s considered valid. This setting means that unavailable or unreachable CRL/OCSP allow this check to succeed. 3: Turns on certificate trust check. A hard revocation check is also performed. Unless CRL/OCSP explicitly says “This certificate is OK,” it’s considered invalid. This option is the most secure. enforceSmartCard: If true, a user can only log in or authenticate with a smart card. Available: macOS 10.13.2+ oneCardPerUser: If true, a user can pair with only one smart card, although existing pairings are allowed if already set up. tokenRemovalAction: If 1, the system enables the screen saver when the smart card is removed. Available: macOS 10.13.4+ UserPairing: If false, users don’t get the pairing dialog, although existing pairings still work.

## Discussion

Discussion Specify com.apple.security.smartcard as the payload type. Profile availability  |   |   |   |   |   |   |   |  Profile example <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict>     <key>PayloadContent</key>     <array>         <dict>             <key>UserPairing</key>             <false/>             <key>allowSmartCard</key>             <false/>             <key>checkCertificateTrust</key>             <false/>             <key>oneCardPerUser</key>             <false/>             <key>tokenRemovalAction</key>             <integer>1</integer>             <key>enforceSmartCard</key>             <true/>             <key>PayloadIdentifier</key>             <string>com.example.mysmartcardpayload</string>             <key>PayloadType</key>             <string>com.apple.security.smartcard</string>             <key>PayloadUUID</key>             <string>88f7336c-d9f6-44d1-b486-11e4080e2223</string>             <key>PayloadVersion</key>             <integer>1</integer>         </dict>     </array>     <key>PayloadDisplayName</key>     <string>SmartCard</string>     <key>PayloadIdentifier</key>     <string>com.example.myprofile</string>     <key>PayloadType</key>     <string>Configuration</string>     <key>PayloadUUID</key>     <string>85091214-a32f-4131-8b03-0045e5d81c42</string>     <key>PayloadVersion</key>     <integer>1</integer> </dict> </plist>

## See Also

### Security

- [Passcode](devicemanagement/passcode.md)
- [SecurityPreferences](devicemanagement/securitypreferences.md)