Cisco device authentication via PIV or CAC

[icecream-guy]

Anyone out here doing device authentication via PIV or CAC cards?   how does it work?  what would I need to implement?

I suppose it needs to be certificate based, loaded onto the PIV or CAC card, inserted into a reader......


so the idea is, when I connect to the router or switch I'm not prompted with a Cisco device login prompt, prompted with possibly a pop up box on my computer to select a certificate if there multiple certificates on my PIV/CAC card, or if the card is not inserted into the card reader. otherwise I would be take directly to CLI.