5.10 After you upgrade

After you have completed the installation process for the new version of MyID, you may have to carry out some additional configuration before your system is fully operational.

5.10.1 Upgrading your renewal and issuance jobs

If you need to update your renewal and issuance jobs, after you install MyID you must run the appropriate database scripts. See section 5.1.4, Upgrading renewal jobs and section 5.1.5, Upgrading card issuance jobs for details.

5.10.2 Upgrading clients

Note: If you have the MyID Client Components (provided in the UMC package) installed on any PC, uninstall them before you install the latest version of the MyID clients.

You are recommended to upgrade your clients (Self-Service App, Self-Service Kiosk, MyID Desktop) on each client PC when you upgrade MyID. Older versions of the MyID clients may continue to operate with reduced functionality, and may experience problems when attempting to use new functionality.

5.10.3 Upgrading credential profiles

After you have upgraded your system, you must use the Credential Profiles workflow to upgrade each credential profile to the latest version.

Note: Credential profiles were previously known as card profiles.

To upgrade a credential profile:

  1. From the Configuration category, select Credential Profiles.
  2. From the Select Profile drop-down list, select the profile you want to edit.
  3. Click Modify.
  4. Click Next on each screen until you complete the workflow.

In most circumstances, you do not have to make any changes. However, see section 5.10.11, Upgrading systems with older data models and section 5.10.12, Upgrading systems with customized data models for considerations relating to upgrading credential profiles and their data models.

The profile is updated to the latest version of the software.

5.10.4 Upgrading security phrase security

MyID now uses SHA256 when storing the answers to security phrases, providing significantly enhanced security. This feature is enabled by default for new installations. If you are upgrading an existing system from a version prior to 10.2, you must update the security phrases stored for each user.

The security phrase security setting is controlled by the Use Security Phrase algorithm version 2 option on the PINs tab of the Security Settings workflow. You can set the option to one of the following:

You are recommended to carry out the following procedure:

  1. Set the Use Security Phrase algorithm version 2 option to Ask.
  2. Upgrade each client PC.
  3. Ask each user to change their security phrases on an upgraded client.
  4. Once all users have updated their security phrases, set the Use Security Phrase algorithm version 2 option to Yes.

To get the full benefit of the Use Security Phrase algorithm version 2 feature, the setting must be Yes, and any previously captured passphrases using the original algorithm (while the configuration was set to No or Ask) must be removed. To remove the old security phrases, a user can change their security phrases while the Use Security Phrase algorithm version 2 option is set to Yes. If you require assistance with bulk removal of legacy security phrase data, contact Intercede customer support, quoting reference SUP-121.

Note: This feature also affects authentication codes that were issued by MyID 10.1 or earlier. If you want to use authentication codes that were generated before you upgraded, you must set the Use Security Phrase algorithm version 2 option to Ask. If you set the Use Security Phrase algorithm version 2 option to Yes, you must request new authentication codes.

5.10.5 Upgrading roles

The upgrade process can make changes to the roles set up on your system. Check that your role assignments are correct after you have completed the upgrade.

When you install MyID, the System role is granted permission to all the workflows in MyID. Make sure you review your security requirements for this role after upgrading MyID.

5.10.6 Upgrading email support

Versions of MyID before MyID 10.6 used Database Mail to send email messages.

If you are upgrading an existing system from before MyID 10.6, your Database Mail configuration will continue to work; however, if you want to switch to the new system, carry out the following:

  1. Set up a new SMTP server in the External Systems workflow.
  2. Set the Database Mail Profile Name option to empty.

See the Setting up email section in the Advanced Configuration Guide for details.

5.10.7 Upgrading the storage of PINs for HSMs

From version 10.7, MyID stores the PINs for Thales HSMs encrypted in the registry for the MyID COM+ user. If you are upgrading an existing Thales HSM system and want to migrate the PIN, or if you are using an nCipher nShield HSM and want to store the PIN, you can use the SetHSMPIN utility to do this.

See section 6.6, Setting the HSM PIN for details.

5.10.8 Modifying an existing installation

If you want to use the installation program to modify your installation of MyID after the original installation is completed, contact customer support for advice, quoting reference SUP-299.

5.10.9 Upgrading systems with Virtual Smart Cards

If your system is using server-generated Virtual Smart Cards, note that the server-generated VSC feature has now reached end of support. If you are upgrading from an earlier version of MyID, and are using server-generated VSCs, MyID will continue to support lifecycle management of the issued VSCs. See the Microsoft VSC Integration Guide for details.

5.10.10 Upgrading systems with a startup user

If you are using a startup user configured using GenMaster, after you upgrade your system to the latest version of MyID you may not be able to use that account to log on to MyID. To reset the startup user, run GenMaster again and select the Configure startup password option. See section 6.5.1, Running GenMaster for details.

Note: Startup users are intended only for bootstrapping your system, and are not intended for long-term use. See the System Security Checklist document for details.

5.10.11 Upgrading systems with older data models

When you upgrade your system, if your credential profiles use older data models that are no longer supported, you may experience problems with certificates losing their assigned containers. After upgrading, make sure that each of your credential profiles has a valid data model specified, and has the correct settings for each certificate container, if appropriate.

5.10.12 Upgrading systems with customized data models

If you have customized the standard card data models, installing MyID may overwrite your changes. Make sure you back up your customized files and review the changes after installation.

MyID 10.7 increases the size of the Security Object in all standard card data models. This addresses an issue that prevented issuance on systems where the Certificate Authority had a long distinguished name.

If you are upgrading an existing pre-MyID 10.7 system that has custom data models, you must manually update your data model files to increase the size of the Security Object.

For guidance on updating the size of the security object, contact customer support, quoting reference SUP-247.

5.10.13 Upgrading systems with Project Designer customizations

If you are upgrading a MyID system that has had screen layouts customized using Project Designer, you may see some cosmetic differences after you have upgraded your system.

5.10.14 Upgrading hyperlinks for the Self-Service App

In MyID 11.0, the format used for command-line parameters for the Self-Service App has changed. You must make sure that any systems that make use of these arguments – for example, custom email templates – are updated to use the new command-line arguments. For more information, see the Self-Service App section in the Release Notes or the Command line arguments section in the Self-Service App.

5.10.15 Upgrading customized configuration

If you have made any changes to configuration files, such as the myid.config file for the various MyID web services, you must merge in the changes from the backups you made before you installed the new version.

You may also have to re-implement translations. For information about translating the text for all on-screen elements in the client applications, contact Intercede customer support, quoting reference SUP-138.

If you have further customizations on your system and would like assistance with the upgrade process, contact customer support quoting reference SUP-300.

5.10.16 Upgrading systems with multiple databases

Your MyID system may have multiple databases; for example, a separate audit database, an audit archive database, or a binary objects database. You point MyID to the appropriate database by configuring its .udl files. You are recommended to back up these files in the Windows SysWOW64 folder before you start the upgrade. After you have installed the new version of MyID, you may have to reconfigure each of these files to point to the appropriate database.

For more information about setting up your MyID system to use multiple databases, see the Database configuration section in the Advanced Configuration Guide.
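
The following PowerShell script is an added example, not part of the MyID documentation or tooling. It compares each backed-up .udl file with the live copy after the upgrade and reports any whose Data Source or Initial Catalog has changed. The backup folder path is an assumption, and the script assumes the standard .udl layout (an [oledb] header, a comment line, then the OLE DB connection string).

```powershell
# Added example: report .udl files whose database target changed during the upgrade.
param(
    [string]$UdlDir    = (Join-Path $env:windir 'SysWOW64'),
    [string]$BackupDir = 'C:\MyIDUpgradeBackup\udl'   # hypothetical backup location
)

function Get-UdlTarget {
    param([string]$Path)
    # The connection string is the first line that is neither blank, a ';' comment,
    # nor the [oledb] section header. Get-Content honours the file's Unicode BOM.
    $init = Get-Content -LiteralPath $Path |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*[;\[]' } |
        Select-Object -First 1
    $kv = @{}
    foreach ($pair in ($init -split ';')) {
        $name, $value = $pair -split '=', 2
        if ($value) { $kv[$name.Trim()] = $value.Trim() }
    }
    # Return only server and database, so credentials saved in the file are never printed.
    [pscustomobject]@{ Server = $kv['Data Source']; Database = $kv['Initial Catalog'] }
}

# Before the upgrade, take the backup with (the destination folder must exist):
#   Copy-Item (Join-Path $UdlDir '*.udl') -Destination $BackupDir
foreach ($saved in Get-ChildItem -Path $BackupDir -Filter *.udl) {
    $livePath = Join-Path $UdlDir $saved.Name
    if (-not (Test-Path -LiteralPath $livePath)) {
        Write-Warning "$($saved.Name): not present after upgrade"
        continue
    }
    $before = Get-UdlTarget $saved.FullName
    $after  = Get-UdlTarget $livePath
    if ($before.Server -ne $after.Server -or $before.Database -ne $after.Database) {
        Write-Warning ("{0}: was {1} [{2}], now {3} [{4}]" -f $saved.Name,
            $before.Server, $before.Database, $after.Server, $after.Database)
    } else {
        "{0}: unchanged, {1} [{2}]" -f $saved.Name, $after.Server, $after.Database
    }
}
```

Run it from an elevated prompt on the MyID server after installation; any file reported with a warning is one to reconfigure so that it points to the appropriate database again.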

5.10.17 Upgrading systems that use Integrated Windows Logon

If your system uses Integrated Windows Logon, you must reconfigure the web services and carry out any configuration in IIS for Integrated Windows Logon. See the Configuring the MyID web services for Integrated Windows Logon section in the Web Service Architecture guide and the Integrated Windows Logon section in the Administration Guide for details.

5.10.18 Known issues with upgrading