diff --git a/roles/sigul/server/files/00-sigul.rules b/roles/sigul/server/files/00-sigul.rules
new file mode 100644
index 0000000000..d3234c20c7
--- /dev/null
+++ b/roles/sigul/server/files/00-sigul.rules
@@ -0,0 +1,12 @@
+polkit.addRule(function(action, subject) {
+ if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
+ subject.user == "sigul") {
+ return polkit.Result.YES;
+ }
+});
+
+polkit.addRule(function(action, subject) {
+ if (action.id == "org.debian.pcsc-lite.access_card" &&
+ subject.user == "sigul") {
+ return polkit.Result.YES; }
+});
diff --git a/roles/sigul/server/tasks/main.yml b/roles/sigul/server/tasks/main.yml
index c53144b844..5394ebd692 100644
--- a/roles/sigul/server/tasks/main.yml
+++ b/roles/sigul/server/tasks/main.yml
@@ -50,3 +50,8 @@
 - name: Setup gpg link on rhel7
 file: state=link src=/usr/bin/gpg1 dest=/usr/bin/gpg
 when: ansible_distribution_major_version|int == 7
+
+- name: add polkit rules to allow sigul user to access the smartcard/yubikey
+ file: src=00-sigul.rules dest=/etc/polkit-1/rules.d/00-sigul.rules
+ tags:
+ - config
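Review bot: The two rules in 00-sigul.rules differ only in the action id and carry no comment saying why the `sigul` account gets an unconditional `polkit.Result.YES`. That matters because a `00-` file is read early in rules.d and the first rule to return a result decides the outcome. Folding them into one rule with a header comment and strict comparisons keeps the grant visibly limited to these two pcsc-lite actions. It also tidies the closing brace that sits on the `return` line in the second rule. Other subjects and actions still fall through, since the function returns nothing for them.

```javascript
// Allow the sigul service account to reach the smartcard/YubiKey via pcscd.
// Any other subject or action falls through to later rules.
polkit.addRule(function(action, subject) {
    if (subject.user === "sigul" &&
        (action.id === "org.debian.pcsc-lite.access_pcsc" ||
         action.id === "org.debian.pcsc-lite.access_card")) {
        return polkit.Result.YES;
    }
});
```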
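Review bot: The new task in tasks/main.yml uses the `file` module with `src=`, but `file` does not copy content from the role's files/ directory (its `src` applies to the link states), so as written the rule is unlikely to land in /etc/polkit-1/rules.d. `copy` is the module for this, and because the file grants smartcard access it should pin ownership and mode: `copy: src=00-sigul.rules dest=/etc/polkit-1/rules.d/00-sigul.rules owner=root group=root mode=0644`. Check the mode against the directory's permissions on the target hosts so polkitd can still read the file.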