Ok, thanks for the quick reponse, @Eli Ofek 


Am I correct in assuming that ATA Center does not support any other external Identity Provider, other than Active Directory?


Maybe we can require smart card on the ATA Center server itself, and block access to the ATA portal from all other computers.