Security Analytics provides a method of authentication using a CAC (Common Access Card).  This is used widely in government facilities.  

Instead of entering credentials in the Security Analytics login screen, users can insert a CAC in a card reader connected to their workstation. Note that the user accounts (names and passwords) must be previously defined on an external LDAP server, and the CAC must be signed with a CA bundle.

The user was not correctly provisioned in LDAP.

Be sure that the user who is attempting to log in via CAC is already provisioned in the LDAP directory before attempting to log in.  You can to a simple ldap search from the command line or from your workstation using the 'ldapsearch' command.  A typical command would look like this: 

ldapsearch -x -b 'dc=example,dc=com' -H ldaps://ldap_server_url:636 -s sub "cn=User1.sample.sample.sample"