Management Services For End Users

The following management services are available to end users.

ActivClient User Console

The User Console allows users to view and manage smart cards and credentials, including digital certificates.

Digital Certificates

Digital certificates can be Root CA certificates or User certificates.

They can be displayed by ActivClient User Console in a user-friendly way and can also be deleted by users if the smart card policy allows it.

  • Root CA certificates can be imported on smart cards and exported from smart cards.

  • User certificates can be imported on smart cards (PKCS #12 files).

One-Time Passwords

The following services are provided in the ActivClient User Console to use and manage OTP credentials:

  • Generate automatic OTPs (also known as synchronous mode)

  • Generate challenge/response OTPs

  • Synchronize counters for OTPs

  • Configure user name for remote access with OTP

Personal Information

The ActivClient User Console allows users to view personal information stored on their smart card.

Available for:

  • PIV (Personal Identity Verification) cards issued to US Federal Employees and Contractors

  • CAC (Common Access Card) issued by the US Department of Defense

Smart Card PIN

The smart card PIN is controlled by end users.

At any time, users can change their PIN using the Windows Change a password menu.

Smart Card Initialization

ActivClient allows users to initialize smart cards before they can be used. Depending on the smart card configuration, users can:

  • Initialize a blank smart card including setting the PIN code (the blank smart card might already contain smart card applets or not).

  • Reset a smart card (that is, erase the smart card content) and define a new PIN code.

For further information, see PIN Initialization Tool.

Note: ActivClient also supports smart cards initialized by ActivID Credential Management System (CMS), HID WorkforceID Digital Credential Manager, the Crescendo Management Tools and the ActivID Device Initialization Tool.

Smart Card Lock/Unlock

If users enter several incorrect PINs on the smart card, the smart card locks, preventing any further unauthorized use.

If the smart card is locked, users can unlock their card using:

  • Static unlock code owned by users (stand-alone mode).

  • Challenge/response-based unlock code provided by the help desk (requires ActivID CMS, ActivID Authentication Server or ActivID AAA Server).

  • Online and seamless unlock method through the ActivID CMS User Portal.

Note: Depending on the smart card configuration, users can use the PIN Initialization Tool to re-initialize a card without following an unlock process.
Note: For supported YubiKey cards, unlocking via the ActivID CMS User Portal is the only officially supported option.

Remote/Centralized Management

  • Provides support for the ActivID CMS User Portal, the self-service interface for cards issued by ActivID CMS.

  • Allows you to securely update your organization’s smart cards.

  • ActivClient automatically checks if smart card updates are available in ActivID CMS and prompts users to update the smart card.

ActivClient Agent

  • Provides access to common ActivClient operations and shows smart card activity.

  • Is displayed as an icon in the Windows notification area.

For further information, see ActivID ActivClient Agent.

Advanced Diagnostics

  • Helps advanced users and help desk personnel perform a thorough examination of the ActivClient environment (software and smart card).

  • Sends an email of the diagnostic report to the help desk.

For further information, see Advanced Diagnostics.

Log Files

  • Generates log traces to be analyzed by HID Global technical support. No confidential or personally identifiable information is displayed in the log files.

  • Is activated from the ActivClient User Console.