Using the ActivID CMS User Portal
An ActivID CMS server is up and running and the ActivID CMS User Portal can connect to it.
The URL for the User Portal has been added as a Trusted Site in the user’s browser.
A smart card reader is installed on your station (if applicable).
The installed smart card reader is correctly configured. The appropriate card reader software driver might need to be installed on the workstation/computer. This is not a requirement for all readers.
All required software is installed (for example, ActivID ActivClient or an applicable Mini-Driver) on the workstation/computer.
In the case of a virtual smart card (VSC), the TPM is initialized and the virtual smart card is created.
This section describes the process for connecting to and using the ActivID CMS User Portal.
The following table lists the authentication method you must use when logging on to the ActivID CMS User Portal for each service.
|
Service |
Authentication Method |
|---|---|
|
Device Initialization |
LDAP Lightweight Directory Access Protocol password, initial password, or security questions |
|
Device Replacement Initialization |
LDAP password, initial password, or security questions |
|
Device Unlock |
LDAP password, initial password, or security questions |
|
Device Incident Notification |
LDAP password or security questions |
|
PIN reset |
LDAP password or security questions |
|
Change PIN/Change Security Answers |
Smart card* |
|
Device Update |
Smart card* |
|
Device Re-issuance |
Smart card* |
|
Download escrowed certificates** |
Smart card* |
|
Issuance of credentials (mobile app certificates) for a mobile device |
Smart card* |
* Device authentication consists of device PIN code and the FIPS 196-based authentication (the latter is transparent to the user). If FIPS 196 authentication is not available (for example, ActivID CMS does not manage a certificate/PKI key pair on the PIN-protected device), then device re-issuance, the ability to change Security Question answers, and mobile app certificates issuance and updates are not available.
** Only supported for Microsoft CA and OpenTrust PKI certificates.
Depending on the state of the device and/or the pending requests in the ActivID CMS, the logon methods to the portal and the Web pages that are displayed will be different.
Topics in this section:
