Using HID CMS Self-Service

You can issue and manage your devices using the HID CMS Self-Service Portal.

Prerequisites:
Before you begin, make sure that:

  • A CMS server is up and running and the HID CMS Self-Service Portal can connect to it.

  • A smart card reader is installed on your station (if applicable).

  • The installed smart card reader is correctly configured.

    Note: The appropriate card reader software driver might need to be installed on the workstation/computer; however, this is not a requirement for all readers.

  • All required software is installed (for example, ActivID ActivClient or an applicable Mini-Driver) on the workstation/computer.

You can connect to HID CMS Self-Service using the following URL: https://<CMS Server>/aims/selfservice

There are two authentication options available:

HID CMS Self-Service log in page displaying Using password button and Using device button

If you choose:

Close up of Using password button from HID CMS Self-Service log in screen

A page appears where you can enter your username and password:

HID CMS Self-Service Log in with your password screen with Username and Password filled in and with Log in button and Cancel button available

If you choose:

Close up of Using device button from HID CMS Self-Service log in screen

The following page appears:

HID CMS Self-Service Log in with your device screen with Log in button and Cancel button available

Make sure your device is connected and click Log In. You are prompted to select the certificate for your device; then you are prompted for your PIN.

Important:
If authentication using your device fails, you must close your browser before you try again. If you click Cancel, you can log in using a password; however, if you attempt to log in again with your device (without having closed the browser), the authentication will fail.

After authentication, you reach your My Devices page:

My Devices page displaying a device in the Active state, with an Add Device and an Add Mobile button in the top right corner

All your devices are displayed and you can perform various actions (update, unlock, etc.) by clicking on the action button associated with each device.

A menu is available in the top right corner. You can use it to access online documentation, or log out and return to the home page:

Menu in top right corner of My Devices page deployed to show the user name as well as menu items for accessing the online documentation and for logging out

Current Limitations

  • The self-service portal does not support multiple LDAP directories.

  • You can authenticate with a YubiKey device using the Microsoft Minidriver; however, it is not possible to authenticate with a YubiKey device that uses an RSA 3K key.

  • Authentication with an RSA 3K key is only possible when you are using Crescendo Key v3 or Crescendo 4000 devices, using the HID Crescendo Minidriver.

  • Currently, authentication to the self-service portal with a device does not work with a peer server configuration..

About Using Google Chrome or Microsoft Edge Browsers with the Self-Service Portal

You can use Google Chrome™ or Microsoft Edge browsers to connect to the Self-Service Portal. However, you need to install the ActivID CMS browser extension and the ActivID CMS Client in order to self-issue and update devices. Links are provided automatically to download the ActivID CMS extension and ActivID CMS Client (respectively) when you connect to the Welcome page for the first time.

Important:
For Microsoft Edge browsers, you must make sure that the “Allow extensions from other stores” option is checked in the Extensions menu before downloading the ActivID CMS extension.

When you use a Google Chrome or Microsoft Edge browser on the Self-Service Portal, HID CMS verifies whether the ActivID CMS browser extension is installed. If this is not the case, a message is displayed with instructions containing a link so that you can download the ActivID CMS extension:

Add Device dialog box during Check Browser step when ActivID CMS extension is not installed displaying instructions on how to install it, with a Cancel button and a Next button in the bottom right corner

Once you have downloaded the ActivID CMS extension, HID CMS then checks whether the ActivID CMS Client is installed. If this is not the case, a new message is displayed with instructions containing a link so that you can download so that you can download the ActivID CMS Client:

Add Device dialog box during Check Client step when client software is not installed displaying instructions on how to install it, with a Cancel button and a Next button in the bottom right corner

After the ActivID CMS browser extension and the ActivID CMS Client are installed successfully, you can proceed as usual to self-issue or update your device.

Note: The ActivID CMS browser extension can be downloaded from the Google Chrome store.

Once the ActivID CMS extension and ActivID CMS Client are installed correctly, HID CMS detects them automatically each time you connect to the Self-Service Portal and no further action is required. However, if the ActivID CMS extension is disabled in your browser, you will need to reload the page in the Self-Service Portal after you have re-enabled the extension in order for it to be detected by HID CMS.