Contracts must be created before they can be assigned to protected resources. If you have not created a protected resource, see Section 2.7.5, Configuring Protected Resources.
Click Devices > Access Gateways > Edit > [Name of Reverse Proxy].
The reverse proxy must be configured with a resource that you want to protect with the smart card.
Click Protected Resource for the proxy service where you want to assign the NESCM contract.
To enable the NESCM contract on an existing protected resource, click the Authentication Procedure link for that resource, then select the NESCM contract created in Creating an Authentication Contract to Use the Method.
If the contract is not listed, ensure that you have updated the changes to the servers, first to Identity Server and then Access Gateway. If you have multiple Identity Server configurations, ensure that Access Gateway is assigned to Identity Server configuration that contains the NESCM contract (click Access Gateways > Edit > Reverse Proxy / Authentication).
Click OK.
Click the Access Gateways task, then update Access Gateway.
Continue with Verifying the User’s Experience.