Configuring the HID CMS Self-Service Portal
The HID CMS Self-Service portal is now available.
Default Configuration
The Self-Service portal relies on the configuration of ActivID CMS and the settings concerning the legacy User Portal. In order for users to be able to utilize the Self-Service portal:
-
The legacy User Portal must be configured to allow self-issuance (refer to Configuring the ActivID CMS User Portal in the ActivID CMS online documentation).
-
The user must belong to a group which has only one device policy assigned to each device type for initial device issuance (refer to Managing User Groups and Configuring Group Assignments in the ActivID CMS online documentation).
The Unlock PIN function is available to all users on the Self-Service Portal regardless of the PIN configuration set using the legacy Operator Portal.
In addition, if you want to enable users to self-issue mobile devices, the following settings must have been configured in the legacy Operator Portal (see Setting Parameters for Devices for details):
-
Multi-Device Support must be enabled
-
Support for Mobile App Certificates must be selected under Enabled Device Types
-
Support for Mobile App Certificates must be selected under Enrollment in User Portal
Note: If the user already has a smart card or security key issued, the mobile device can be issued using the same shared credentials as their initial device (depending on the configured device policies).
Current Limitations
-
The Self-Service portal does not support multiple LDAP directories.
-
You can authenticate with a YubiKey device using the Microsoft Minidriver; however, it is not possible to authenticate with a YubiKey device that uses an RSA 3K key.
-
Authentication with an RSA 3K key is only possible when you are using Crescendo Key v3 or Crescendo 4000 devices, using the HID Crescendo Minidriver.
