Hello, 

We just deployed the FMC and I was tasked to try and configure it so that we can use it in conjunction with our token cards during the authentication process. I configured an HTTPS certificate that's been signed by my CA and uploaded that into the FMC and enabled "Client Certificates" in the GUI. 

I have an external connection with an active directory domain configured under the "External Authentication" section of the FMC and have it enabled. I clicked and check marked the "Use for CaC authentication and authorization", however I'm a little confused on what I need to put into the "CAC Environment Variable" and "CAC User Name Template". 

I know these two lines need to come from the actual card certificate information. Just wondering if anyone could give me a good example of what needs to be put into those two lines. 

We would like to have it so that we could authenticate and then have it reach back to certain users associated with a network admin group. 

After it's configured correctly will the authentication and authorization process be automated or do we still have to manually put in the password and username? 

Any help is appreciated! I know that there are guides and other forums that relate to this, but perhaps someone out there can give me a little more information to solve this puzzle.