Procedure 6: Issue a Test PIV Card

This section describes how to issue a test PIV Personal Identity Verification (technical standard of "HSPD-12") card using the ActivID CMS Operator Portal.

In the ActivID CMS Operator Portal, verify that a pending Card Production Request (CPR) has been generated for the future user.

  1. Select the Requests tab, and then click Overview.

  2. Select the Device Issuance tab, and then search for the user who will be issued the card.

    Device Issuance tab displaying Issuance to John Anderson request with Next button available

  3. Click Next.

    The future user is prompted to place a finger (left or right) on the biometric sensor to initiate fingerprint verification.

    If the fingerprint verification is successful, then the Device Issuance page appears.

    Device Issuance tab displaying Issuance to John Anderson request dialog box with message indicating that biometric authentication was successful in step 2, Local Issuance option selected in step 3, a smart card reader selected from the drop-down list in step 4 and instructions to insert the card into the reader in step 5, followed by a Cancel button and a Next button at the bottom of the dialog box

  4. Select the type of issuance you want to perform.

    Note: Select Local Issuance for face-to-face issuance, or Binding for self-issuance.

  5. Insert a blank card into the reader, and then select the card reader you want to use from the drop-down list.

  6. Click Next. The Device Issuance page appears.

    Device Issuance tab displaying Issuance to John Anderson dialog box with the smart card policy selected from the drop-down list in step 1, a PIN set for the device in step 2, and instructions to click Next in order to personalize the device in step 3, followed by a Back button and a Next button

  7. Select the device policy you want to apply to the card. If only one device policy has been configured, then it will be selected by default.

  8. Enter the PIN for the smart card (smart card initial PIN).

  9. Click Next to personalize the card for this user.

    If ActivID CMS is configured for two biometric authentications (one before device issuance and one after device issuance), then fingerprint verification must be performed before the card is activated.

    Device issuance takes one of two forms. If you previously selected Local Issuance, then you should see a success message telling you to remove the card from the reader. If you previously selected Binding, then complete the remaining steps.

  10. When prompted, enter the Initial Password. This password must be communicated to the future user as it will be required to perform the self-issuance in the User Portal. In the ActivID CMS Security Setting, the “Authentication method when card is blank and bound” is set to the Initial Password. This could also be set to an LDAP Lightweight Directory Access Protocol Password or Security Questions.

  11. Click Next. The card is assigned to the user.

  12. Have the future user connect to the User Portal, insert the assigned card, and then click Start.

  13. When prompted, have the user log on with the user name and the Initial Password.

  14. When prompted, have the user perform fingerprint verification after which the card will be issued.