Using the ActivID CMS User Portal

Prerequisites: Before you begin, make sure that:
  • An ActivID CMS server is up and running and the ActivID CMS User Portal can connect to it.

  • The URL for the User Portal has been added as a Trusted Site in the user’s browser.

  • A smart card reader is installed on your station (if applicable).

    Note: You may need to empty your browser cache in order for the smart card reader to be detected.
  • The installed smart card reader is correctly configured. The appropriate card reader software driver might need to be installed on the workstation/computer. This is not a requirement for all readers.

  • All required software is installed (for example, ActivID ActivClient or an applicable Mini-Driver) on the workstation/computer.

    Note: Starting with ActivID CMS 5.8, the ActivID ActivClient middleware is no longer required.
  • In the case of a virtual smart card (VSC), the TPM is initialized and the virtual smart card is created.

This section describes the process for connecting to and using the ActivID CMS User Portal.

The following table lists the authentication method you must use when logging on to the ActivID CMS User Portal for each service.

Initial Authentication Methods

Service

Authentication Method

Device Initialization

LDAP Lightweight Directory Access Protocol password, initial password, or security questions

Device Replacement Initialization

LDAP password, initial password, or security questions

Device Unlock

LDAP password, initial password, or security questions

Device Incident Notification

LDAP password or security questions

PIN reset

LDAP password or security questions

Change PIN/Change Security Answers

Smart card*

Device Update

Smart card*

Device Re-issuance

Smart card*

Download escrowed certificates**

Smart card*

Issuance of credentials (mobile app certificates) for a mobile device

Smart card*

* Device authentication consists of device PIN code and the FIPS 196-based authentication (the latter is transparent to the user). If FIPS 196 authentication is not available (for example, ActivID CMS does not manage a certificate/PKI key pair on the PIN-protected device), then device re-issuance, the ability to change Security Question answers, and mobile app certificates issuance and updates are not available.

** Only supported for Microsoft CA and OpenTrust PKI certificates.

Depending on the state of the device and/or the pending requests in the ActivID CMS, the logon methods to the portal and the Web pages that are displayed will be different.

Topics in this section: