27.1 User Data Approved checks
You can configure MyID to prevent issuance of credentials to people who have not passed their identity checks, or whose identity checks have expired, using the User Data Approved flag.
27.1.1 Configuring the credential profile
The Require user data to be approved option on a credential profile prevents credentials from being issued unless the user has the User Data Approved flag set on their account. You can use this option to prevent a user from being issued credentials when they have not passed the required identity checks.
See section 11.3.1, Credential profile options for details.
27.1.2 Setting the User Data Approved flag
The User Data Approved flag on a user record in MyID is an indicator that the user has passed all identity checks and is permitted to receive a credential. You can set this flag by setting the CardIssuanceApproved node through the Lifecycle API
When you set the User Data Approved flag through the Lifecycle API, you can also provide a VettingDate – see the Lifecycle API document for details.
When you set the User Data Approved flag to No on the Edit PIV Applicant screen in the MyID Operator Client, the vetting date is cleared; however, setting the User Data Approved flag to No in the Edit PIV Applicant workflow in MyID Desktop does not clear the vetting date.
Note: When you set the vetting date manually or through the Lifecycle API, it uses a time of 00:00:00 UTC. When you set the vetting date automatically by setting the User Data Approved flag, it uses a time of 12:00:00 UTC, and this time is then used for all subsequent vetting dates, including manually-set vetting dates, until you clear the vetting date manually.
The vetting date is used for the vetting date validity check; see section 27.2, Vetting date validity checks for details.