ActivID CMS User Portal Services
When a user connects to the ActivID CMS User Portal, the choice of services displayed depends on the state of the device and the User Portal configuration. The following table lists all the ActivID CMS User Portal services.
Device State and ActivID CMS User Portal Configuration | Service Provided by the ActivID CMS User Portal |
---|---|
Device has not been bound and not assigned to a user | |
Blank device is inserted into the reader, but device binding has not been authorized for the user. | Not available – an error message appears. |
Blank device is inserted into the reader and device binding has been authorized for the user. | The User Portal executes a device issuance request or device replacement request. This service is LDAP (Lightweight Directory Access Protocol) password-protected; no other authentication method is allowed. |
Device is bound but device has not been issued | |
Blank device is inserted into the reader. Configurable authentication methods are: | The User Portal executes a device issuance request or device replacement request. |
Device is bound and issued, but is in LOST, STOLEN or DAMAGED state, or has been terminated | |
Device is inserted into the reader. | Not available – an error message appears. |
Device is locked | |
Device is inserted into the reader. Device unlock process can be configured in Assisted online or Self online mode. Configurable authentication methods are: | The User Portal executes a device unlock request. When a device update request is pending, the unlock request is not executed; instead, you must delete the pending Device Update request. |
Device is operational (bound, issued, in valid state) and user wants to reset a forgotten PIN | |
Device is inserted into the reader. Device reset process can be configured in Assisted online or Self online mode or both. Configurable authentication methods are: | The User Portal executes a Device Reset PIN request. The user can change the PIN even if the device is not locked. |
Device is operational (bound, issued, in valid state), no device is inserted into the reader | |
Configurable authentication methods are: | The User Portal allows the user to enter a device incident. When the device incident report functionality is not configured, this service is not available. |
Device is operational (bound, issued, in valid state), FIPS-196-based authentication is available | |
Device is inserted into the reader. The authentication method is device PIN and FIPS-196 authentication. The FIPS-196-based authentication requires the device to contain at least one ActivID CMS-managed certificate and PIN-protected PKI key pair. | The User Portal executes any pending device update requests. The User Portal executes any pending device re-issuance requests. Users can: |
Device is operational (bound, issued, in valid state), FIPS-196-based authentication is NOT available | |
Device is inserted into the reader. The authentication method is a device PIN. If FIPS-196-based authentication is not available, then the services of device re-issuance and security question answer changes are not available. | The User Portal executes any pending device update requests. Users can change their PIN code and download escrowed certificates. |
Virtual smart cards are considered as always present/detected in the card reader and can only be self-issued by the user.
YubiKey devices inserted in the client machine appear as a card reader with a card inserted.
For more details, see Managing Virtual Smart Cards or Managing YubiKeys.