8.3 Launching MyID Desktop
You can launch MyID Desktop from the shortcut installed by the installation program, from the command line, or from a hyperlink. You can also specify various options on the command line or hyperlink.
8.3.1 Launching MyID Desktop with a specific server
When you install MyID, you can specify multiple servers in the list of allowed server addresses; see section 8.1, Installing MyID Desktop. For information on changing the server address after installation, see section 8.2.3, Server location. This feature allows you to configure MyID Desktop to be able to connect to multiple servers (for example, if you have a test server and a production server).
By default, MyID Desktop connects to the first server in this list. If you want to connect to any of the other servers, you can specify the server address on the command line using the /server option.
MyIDDesktop.exe /server:<address>
where:
- <address> is one of the allowed server addresses.
For example:
MyIDDesktop.exe /server:https://testserver
8.3.2 Launching MyID Desktop with a specific workflow
You can launch MyID Desktop using a workflow ID on the command line:
MyIDDesktop.exe /opid:<value>
where:
- <value> is the ID of the workflow you want to launch.
See section 8.3.8, Workflow IDs for a list of workflow IDs.
Note: The user must have access to the specified workflow.
8.3.3 Launching MyID Desktop for credential activation
You can launch MyID Desktop to start up at the credential activation screen:
MyIDDesktop.exe /activate /sn:<serial> /dt:<device>
where:
-
<serial> is the serial number of the credential you want to activate.
Note: If the serial number contains alphabetical characters, you must ensure that the case matches the case of the serial number stored in the MyID database.
- <device> is the type of the credential you want to activate. If the type contains spaces, enclose the name in quotes.
For example:
MyIDDesktop.exe /activate /sn:123456789 /dt:"Oberthur ID-One PIV"
8.3.4 Launching MyID Desktop for credential unlocking
You can launch MyID Desktop to start up at the credential unlocking screen:
MyIDDesktop.exe /unlock /sn:<serial> /dt:<device>
where:
-
<serial> is the serial number of the credential you want to unlock.
Note: If the serial number contains alphabetical characters, you must ensure that the case matches the case of the serial number stored in the MyID database.
- <device> is the type of the credential you want to unlock. If the type contains spaces, enclose the name in quotes.
For example:
MyIDDesktop.exe /unlock /sn:123456789 /dt:"Oberthur ID-One PIV"
8.3.5 Launching MyID Desktop with a logon code
If a user has been provided with a one time logon code for logging into MyID Desktop, you must start the program using the /lc command-line option.
You must also specify a workflow using the /opid command-line option.
See section 8.3.8, Workflow IDs for a list of workflow IDs.
For example:
MyIDDesktop.exe /opid:216 /lc
8.3.6 Launching MyID Desktop with automatic Windows Logon
You can configure MyID Desktop to attempt to log on using Integrated Windows Logon when it starts up, instead of having to select the option on the logon screen:
MyIDDesktop.exe /lw
You can optionally specify a workflow using the /opid command-line option.
See section 8.3.8, Workflow IDs for a list of workflow IDs.
For example:
MyIDDesktop.exe /lw /opid:216
See the Integrated Windows Logon section in the Administration Guide for details of setting up your system to allow Integrated Windows Logon.
8.3.7 Launching MyID Desktop from a hyperlink
When you install MyID Desktop, it registers the myiddsk: protocol – this means that you can click on hyperlinks on web pages and email messages to launch MyID Desktop.
Using the hyperlink mechanism, you can specify the following:
-
Launch a workflow using the /opid option.
See section 8.3.8, Workflow IDs for a list of workflow IDs.
Note: The user must have access to the specified workflow.
- Launch the activation mechanism for a specific credential using the /activate option with the /sn and /dt options to specify the serial number and device type of the credential to be activated.
- Launch the unlock process for a specific credential using the /unlock option with the /sn and /dt options to specify the serial number and device type of the credential to be unlocked.
- Allow the user to log on with a logon code using the /lc option.
- When using a logon code, you must also specify a workflow using /opid.
- Allow the user to attempt to log on with Integrated Windows Logon using the /lw option.
- When using the /lw option, you can optionally specify a workflow using /opid.
- Launch MyID Desktop with a specific server using the /server option.
Examples:
myiddsk://
myiddsk:///opid:216
myiddsk:///activate+/sn:123456789+/dt:Oberthur+ID-One+PIV
myiddsk:///unlock+/sn:123456789+/dt:Oberthur+ID-One+PIV
myiddsk:///lc+/opid:216
myiddsk:///lw
myiddsk:///lw+/opid:216
myiddsk:///server:https:%2F%2Ftestserver
Note: Make sure you replace spaces in the URL with +. Do not enclose the device type name in quotes. You must encode the forward slashes in the server address with %2F codes.
When you click a link in another application (for example, in a browser, in an email, or within a document) a warning message is displayed. Click Allow or Yes (depending on the application) to open the link. You may also be able to deselect the Always ask before opening this type of address to prevent the warning message from appearing again.
8.3.8 Workflow IDs
The following table contains a list of the MyID operation IDs; this includes, but is not limited to, the workflows available in MyID. You can use this, for example, when launching a MyID client with a specific workflow.
Note: Not all workflow IDs will be available within your implementation of MyID. For example, there are some workflows that have been superseded by newer versions; make sure you test your implementation to ensure you are using the correct version of
The master list of workflow IDs is available in the Operations table in the MyID database.
ID |
Name |
---|---|
245 |
Activate Card |
841 |
Add Asset |
102 |
Add Group |
101 |
Add Person |
105 |
Amend Group |
2967 |
Approve Erase |
727 |
Approve Key Recovery |
295 |
Assign Card |
253 |
Assisted Activation |
405 |
Audit Reporting |
814 |
Audited Items |
124 |
Authenticate Person |
50010 |
Authentication Code |
2979 |
Authentication Codes |
255 |
Auto Unlock My Card |
5003 |
Batch Collect Card |
252 |
Batch Encode Card |
221 |
Batch Request Card |
282 |
Bio Unlock My Card |
50011 |
Bypass Authentication |
2985 |
Bypass Authentication |
299 |
Cancel Credential |
1405 |
Cancel Device Identity |
280 |
Card Disposal |
810 |
Card Layout Editor |
2978 |
Card PIN |
811 |
Certificate Authorities |
702 |
Certificate Requests |
110 |
Change Passwords |
202 |
Change PIN |
117 |
Change Security Phrases |
5002 |
Collect Card |
5005 |
Collect Card Updates |
705 |
Collect Certificates |
724 |
Collect Device Identity |
728 |
Collect Key Recovery |
216 |
Collect My Card |
706 |
Collect My Certificates |
730 |
Collect My Key Recovery |
242 |
Collect My Updates |
2384 |
Confirm Details |
1441 |
Confirm Cancel Device Identity |
2122 |
Confirm Details |
2152 |
Confirm Details |
13012 |
Confirm Details |
807 |
Credential Profiles |
820 |
Credential Stock |
2172 |
Decision mode |
274 |
Deliver Card |
831 |
Directory Management |
842 |
Edit Asset |
108 |
Edit Groups |
103 |
Edit Person |
140 |
Edit PIV Applicant |
806 |
Edit Roles |
834 |
Email Templates |
224 |
Enable / Disable Card |
1324 |
Enable / Disable ID |
296 |
Erase Card |
5006 |
Erase Unused VSCs |
837 |
External Systems |
10000 |
Full Access to Manager Lists |
404 |
General |
234 |
Identify Card |
50006 |
Identity Documents |
2974 |
Identity Documents |
1244 |
Identity Documents |
832 |
Import Device |
215 |
Issue Card |
288 |
Issue Device |
260 |
Issue Temporary Card |
261 |
Issue Temporary Card (Part 2) |
701 |
Issued Certificates |
815 |
Job Management |
836 |
Key Manager |
823 |
Licensing |
819 |
List Editor |
141 |
Manage Additional Identities |
1001 |
Manage Applets |
1002 |
Manage Global Platform Keys |
142 |
Manage My Additional Identities |
289 |
Manage VSC Access |
1243 |
Match Enrolled Fingerprints |
410 |
MI Reports |
721 |
Mobile Certificate Recovery |
843 |
Notifications Management |
816 |
Operation Settings |
1245 |
Operator Approval |
2975 |
Operator Approval |
50007 |
Operator Approval |
13197 |
Operator Approval |
236 |
Print Badge |
298 |
Print Card |
243 |
Print Mailing Document |
709 |
Recover Certificates |
710 |
Recover My Certificates |
266 |
Reinstate Card |
50009 |
Reject Authentication |
2977 |
Reject Authentication |
106 |
Remove Group |
109 |
Remove Person |
277 |
Replace My Card |
270 |
Reprovision Card |
269 |
Reprovision My Card |
254 |
Request Auth Code |
212 |
Request Card |
218 |
Request Card Update |
1306 |
Request Derived Credentials |
1307 |
Request Derived Credentials (part 1) |
1308 |
Request Derived Credentials (part 2) |
723 |
Request Device Identity |
1302 |
Request ID For My Phone |
1301 |
Request ID For Phone |
726 |
Request Key Recovery |
278 |
Request My Temporary Card |
217 |
Request Replacement Card |
1317 |
Request Replacement ID |
297 |
Reset Card PIN |
279 |
Return Temporary Card |
703 |
Revoked Certificates |
1246 |
Security Questions |
2976 |
Security Questions |
13198 |
Security Questions |
50008 |
Security Questions |
813 |
Security Settings |
13173 |
Select Person |
409 |
System Status |
1501 |
Universal Search |
5000 |
Unlock Credential |
1319 |
Unlock ID |
122 |
Unlock My Security Phrases |
121 |
Unlock Security Phrases |
290 |
Unlock VSC Temporary Access |
237 |
Update Card |
238 |
Update Card |
291 |
Update VSC |
731 |
Upload PFX Certificates |
708 |
Validate Certificate Request |
1413 |
Validate Device Identity Request |
213 |
Validate Request |
10003 |
View Device Details |
10001 |
View Full Audit |
729 |
View Key Recovery |
113 |
View Person |
10002 |
View User Audit |
2994 |
Witness Cancel Card |
2156 |
Witness Create Card |