Issuing Devices

This section provides details on how to self-issue devices using the ActivID CMS User Portal:

Use this scenario if you have a blank, bound device to personalize. A bound device means the device is associated with a specific user. You can also use this scenario to self-issue a mobile smart card using an NFC or Bluetooth connection.

  1. In your browser, go to the Web page provided by your ActivID CMS administrator for connecting to the ActivID CMS User Portal.

  2. Click Launch User Portal. The Welcome page appears. The first time you connect to the ActivID CMS User Portal from the workstation, a security message might appear before the Welcome page. If this happens, then click Yes to continue.

    3. Important: When you access the User Portal for the first time, a link is displayed so that you can download the ActivID CMS browser extension. Once this is completed, a new link is displayed so that you can also download the ActivID CMS Client. For details, see About Using Google Chrome or Microsoft Edge Browsers with the User Portal.

  3. Insert your smart card and click Start.

  4. Depending on the state of the device and how the ActivID CMS administrator configured the ActivID CMS User Portal, you might be prompted to enter the LDAP Lightweight Directory Access Protocol password instead of an Initial Password or to provide answers to security questions (see the following illustration).

    • Answers to the security questions are case insensitive. This means that you can type the answers using uppercase letters (TOTO), lowercase letters (toto), or a combination of both uppercase and lowercase letters (ToTo, Toto, or TotO).

    • Spaces between letters in the answers to security questions are ignored by the ActivID CMS User Portal.

    • The ActivID CMS User Portal saves the answers to the security questions, which are associated with the user profile in ActivID CMS. You should record the answers to the security questions and keep them in a secure location. If you log in to the ActivID CMS User Portal without the device, you must know these answers.

  5. Enter the Initial Password, the LDAP password, or answers to the security questions, and then click Continue. This starts the device personalization process. A progress bar is displayed. When the process has been completed, a page similar to the following message appears.

  6. Enter and confirm a new PIN for the device, and then click Continue.

    If the issuance is not successful, a warning is displayed:

  7. (Optional) You can click Retry to attempt the issuance again.

    Note: In order for the Retry button to be available, the Enable issuance retry for user option must have been enabled using the Operator Portal.

  8. When a confirmation message appears, click Done.

Prerequisites:  
  • Enrollment of Virtual Smart Cards in the User Portal has been enabled using the Operator Portal.

  • A virtual smart card has been created for the user on the computer where the User Portal is to be used for self-issuance.

  • A device (physical or virtual) is not already bound to the user in ActivID CMS.

  • Self-issuance and self-binding must be enabled.

  • Only one virtual smart card policy is enabled.

Use this scenario if you have a virtual smart card to personalize. A virtual smart card appears as a physical smart card that is always-inserted. It is created in the native Trusted Platform Module (TPM) present on the device’s motherboard. For more information about creating virtual smart cards, refer to Managing Virtual Smart Cards in the ActivID CMS online documentation.

Note: For virtual smart cards, the binding operation is done automatically during self-issuance. Operators cannot bind a virtual smart card in advance.

  1. Connect to the ActivID CMS User Portal by following steps 1 and 2 in Self-Issuing a Device.

    2. Important: When you access the User Portal for the first time, a link is displayed so that you can download the ActivID CMS browser extension. Once this is completed, a new link is displayed so that you can also download the ActivID CMS Client. For details, see About Using Google Chrome or Microsoft Edge Browsers with the User Portal.

  2. Click Start.

  3. Enter the User Name and Password used to authenticate to your directory service and click Continue.

    4. Note: An error is generated if you try to issue a card to a user that already has a device assigned to him.

  4. Wait for the enrollment process to finish.

  5. Enter and confirm a new PIN for the virtual smart card, and then click Continue.

    6. Note: If the issuance is not successful, a warning is displayed. If the Enable issuance retry for user option has been enabled using the Operator Portal, you can click Retry to attempt the issuance again.

  6. When the confirmation message appears, click Done.

    7. Note: To use the virtual smart card, you might have to log off from the computer and then log back on.