Initial Steps After Installation

This section describes the initial procedures that ActivID CMS administrators and operators must follow to get ActivID CMS up and running, and explains how to activate support for virtual smart cards and mobile app certificates.

Important: The URL for the Operator Portal must be added as a Trusted Site in the user’s browser.

Initial Steps for ActivID CMS Administrators

  1. Install ActivID CMS. If ActivID CMS was installed in an attended startup mode, then you must provide the database and security key passwords in order to start the server.

    For information about ActivID CMS installation and startup, refer to Installing ActivID CMS.

  2. Log on to the ActivID CMS Operator Portal as an ActivID CMS administrator using the client certificate generated either by the ActivID CMS Setup program or by your own certificate authority (CA).

  3. Configure the ActivID CMS repositories, see Configuring Repositories.

    • Directories

    • Certificate Authorities (if applicable)

    • ActivID AAA Servers (optional)

    • ActivID CMS Peer Servers (optional)

  4. Create a user group, see Managing User Groups.

  5. Enroll additional operators, see Managing Operators.

  6. Create a role, see Managing Roles.

  7. Create a device policy, see Configuring Device Policies.

  8. Create a group assignment, see Configuring Group Assignments.

  9. Perform a connectivity check from the Configuration tab and the Connectivity Check sub-tab.

  10. Configure the ActivID CMS Security Settings, see Configuring Security Settings.

  11. Configure the ActivID CMS User Portal, see Configure the ActivID CMS User Portal.

  12. Customize ActivID CMS (optional), see Customizing ActivID Credential Management System.

After you complete these steps, the system will be ready for operators to issue and manage devices.

Initial Steps for ActivID CMS Operators

ActivID CMS operators have different roles. Some operators may also have ActivID CMS administrator privileges.

  1. Using the operator client certificate, log on to the ActivID CMS Operator Portal.

  2. Issue devices, see Issuing Devices.

  3. Select the Help Desk tab and familiarize yourself with the functions, see Using the Help Desk.

  4. Post-issue, manage and update devices as needed, see Updating and Reissuing Devices.

Activating Support for Virtual Smart Cards and Mobile App Certificates

ActivID CMS allows the issuance of virtual smart cards, as well as credentials (mobile app certificates) for mobile devices (phones, tablets). However, the administrator must first activate support for these types of devices using settings available in the Operator Portal.

Important: By default, support for the Virtual Smart Card and Mobile App Certificate device types is not enabled.

The Devices topic (available on the Customization sub-tab of the Configuration tab) includes the settings needed to:

  • Enable support for multiple device types (OP_2.0 Smart Cards, PKCS#11 Devices, Mobile App Certificates, Mobile Smart Cards, Virtual Smart Cards, and YubiKeys).

    Note:
    • Support for OP_2.0 Smart Cards, PKCS#11 Devices, and YubiKeys is enabled by default.

    • In the current version of ActivID CMS, support for Mobile Smart Cards has been deprecated.

  • Set a default device type.

  • Specify which device types can be enrolled in the User Portal. (By default, only OP_2.0 Smart Cards and PKCS#11 Devices are checked.)

Enabling support for Virtual Smart Cards and/or Mobile App Certificates does not automatically enable support for their enrollment on the User Portal. This means that an operator can set up his/her server (for example, adding new certificate authorities and defining policies) without the end user having access to the enrollment function in the User Portal.

For details on enabling support for devices, see Setting Parameters for Devices.

For details on virtual smart cards or mobile app certificates, see Managing Virtual Smart Cards or Managing Mobile App Certificates.

For details on issuing credentials (mobile app certificates) for mobile devices, refer to the ActivID CMS User online documentation.

Note: Enrollment of mobile app certificates is only available in the ActivID CMS User Portal.

About Using Google Chrome or Microsoft Edge Browsers

You can use Google Chrome™ or Microsoft Edge browsers to connect to the Operator Portal. However, you need to install the ActivID CMS browser extension and the ActivID CMS Client in order to issue and update devices. You can do this manually: the first time you go to the Device Issuance or Device Update page of the Operator Portal, links to download the ActivID CMS extension and the ActivID CMS Client are provided automatically.

Note: You can also use a group policy to install the ActivID CMS browser extension and the ActivID CMS Client silently without requiring user interaction. For more details, refer to https://chromeenterprise.google/policies/#ExtensionInstallForcelist (for Chrome browsers) or to https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#extensioninstallforcelist (for Edge browsers).

Important: For Microsoft Edge browsers, if you are not using a group policy to install the ActivID CMS browser extension, you must make sure that the “Allow extensions from other stores” option is checked in the Extensions menu before downloading the ActivID CMS extension.
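
The following is an added example, not taken from the ActivID CMS documentation, of the registry values behind the ExtensionInstallForcelist policy referenced above, written idempotently for both browsers. The extension ID is a placeholder (the page does not give it), and using the Chrome Web Store update URL for both browsers is an assumption based on the extension being published in the Google Chrome store.

```powershell
# Added example: set the ExtensionInstallForcelist policy for Chrome and Edge.
# Run from an elevated PowerShell session on a test machine first.
# ASSUMPTION: placeholder ID; copy the real one from the extension's store listing.
$ExtensionId = '<ACTIVID-CMS-EXTENSION-ID>'
# ASSUMPTION: Chrome Web Store update URL, used for both browsers.
$UpdateUrl   = 'https://clients2.google.com/service/update2/crx'

# Extension IDs are 32 characters in the range a-p; refuse anything else so the
# placeholder (or a typo) is never written into policy.
if ($ExtensionId -notmatch '^[a-p]{32}$') {
    throw "Set `$ExtensionId to the real 32-character extension ID first."
}
$Entry = "$ExtensionId;$UpdateUrl"

$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist'
)

function Set-ForcelistEntry {
    param([string]$Key, [string]$Entry)

    if (-not (Test-Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    # Policy values are named 1, 2, 3, ... and each holds "id;update_url".
    $item  = Get-Item -Path $Key
    $names = @($item.GetValueNames() | Where-Object { $_ -match '^\d+$' })
    foreach ($n in $names) {
        if ($item.GetValue($n) -eq $Entry) { return "already present (value $n)" }
    }
    # Append at the next free index so other forced extensions are preserved.
    $next = 1
    if ($names.Count -gt 0) {
        $next = [int](([int[]]$names | Measure-Object -Maximum).Maximum) + 1
    }
    New-ItemProperty -Path $Key -Name "$next" -Value $Entry -PropertyType String | Out-Null
    return "added (value $next)"
}

foreach ($key in $PolicyKeys) {
    '{0}: {1}' -f $key, (Set-ForcelistEntry -Key $key -Entry $Entry)
}
```

This covers the browser extension only; the ActivID CMS Client is a separate installation. On domain-joined machines the same values are normally delivered through the browsers' group policy templates rather than written locally.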

When you use a Google Chrome or Microsoft Edge browser on the Operator Portal, ActivID CMS verifies whether the ActivID CMS browser extension is installed. If this is not the case, an error message and a link are displayed on the Device Issuance (or Device Update) page so that you can download the ActivID CMS extension.

Once you have downloaded the ActivID CMS extension and reloaded the page, ActivID CMS then checks whether the ActivID CMS Client is installed. If this is not the case, a new message and link are displayed so that you can download the ActivID CMS Client.

After you reload the page, if both the ActivID CMS browser extension and the ActivID CMS Client are installed successfully, you can proceed as usual to issue or update your device. For more details, see Issuing Devices and Updating and Reissuing Devices.

Note: The ActivID CMS browser extension can be downloaded from the Google Chrome store.

Once the ActivID CMS extension and ActivID CMS Client are installed correctly, ActivID CMS detects them automatically each time you connect to the Operator Portal and no further action is required. However, if the ActivID CMS extension is disabled in your browser, you will need to reload the page in the Operator Portal after you have re-enabled the extension in order for it to be detected by ActivID CMS.

Note: You can also use Google Chrome or Microsoft Edge browsers to connect to the User Portal. For details, refer to the ActivID CMS User online documentation.