Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

PIV card

a.k.a. your “Smart Card” or “GSA badge”.

Getting issued a card

Your PIV allows you to get in and out of GSA buildings and avoid security lines.

Although some of our employees are based out of a specific office, your badge can be permissioned for multiple GSA buildings. Email hspd12.security@gsa.gov to start this process, which usually takes a few days. After you receive an email confirmation, you’ll need to visit the security office in each new building to activate your card.

GSA processes new badges every Wednesday. When your badge is ready, you’ll receive an email (in both your personal and GSA emails) from HSPD12Admin@usaccess.gsa.gov containing four steps. Please skip to step four, which details how to schedule an appointment and pick up your badge, and bring the password in step three. To check on the status of your GSA badge, you can email hspd12.security@gsa.gov.

Use with a GSA Mac

Password vs. PIN

All personal computers at GSA need to use PIV cards to log in. This means you’ll use a PIN when logging into your Mac, as well as when you perform other actions on your Mac that require a password. It is not a replacement for your ENT password. Here are some common questions (and answers) that may help.

When the computer first turns on from off/restart, you will use your Mac password. Past that, the PIV+PIN should be used. When the card reader is connected (and working properly), the prompt will change from “password” to “PIN”. PIV + PIN authentication will be required:

  • at login
  • when unlocking your screensaver
  • when running the sudo command in the terminal (mostly needed for development tasks)
  • when installing certain applications
  • when making changes in System Preferences
  • when performing any other action that currently requires your laptop password that isn’t covered above

If you are prompted on your laptop to “reset your password”, it is referring to your “local” Mac password, not your ENT or PIN. Please complete those steps right away, as there’s a timeout.

The GSA Self Service app uses your ENT credentials.

Certificate prompt

When logging into some systems, you will be asked to choose a digital certificate. If your PIV card is inserted, there will be two certificates listed with your name on them.

  • The right choice generally seems to be the first option.
  • If you want to be certain, on Macs you can look at the digital certificate’s “Usage” field. Choose the one that is only “Digital Signature”
  • If you choose the wrong certificate the first time, you might still be able to log in with another using an incognito window

PIV readers

Types

GSA has a few different types of USB-C readers:

Since the new Macs only have two USB-C ports, and you’ll find one of them is taken up by power and the other taken up by the PIV reader, you’ll probably end up needing a dongle after all, if only to regain a spare USB port.

If you do need to use a dongle, there’s one more wrinkle: The dongle may not provide enough juice to power the USB-C PIV reader. In that case, you’ll need to plug the PIV reader directly into computer. You can plug the power cord into the dongle, then plug the dongle into the computer, so you are powering the computer through the dongle.

If you get the folding kind of reader, it will appear to block the second USB-C port, but you can thread the power cable or dongle cable through the reader’s frame to access the second port.

Issues

If the card is lost, follow these instructions.

Card reader unreliable

Everyone should have two readers (so they have a backup) — request a backup and/or replacement if you don’t.

“SmartCard certificate is not trusted” error

If this error message appears after a period of working, functional PIV login and authentication, it could be a poor connection between the PIV and the reader. Try cleaning the contact pad on the PIV with a pencil eraser. Wipe any eraser debris off afterwards, and reinsert the card into the reader and try again.

Forgot your card

Please contact the Help Desk and they will assist you by temporarily enabling your computer to use a username and password. This can be done remotely, as long as you are connected to the internet.