4.4 Creating the credential profile

You must set up a credential profile within MyID to be used only for Intel Authenticate VSCs.

Important: The Intel Virtual Smart Card (Only) option in the credential profile appears only when you have set the Enable Intel Virtual Smart Card support configuration option. See section 4.2, Setting the Intel Virtual Smart Card configuration option for details.

To set up the credential profile:

1. From the Configuration category, select Credential Profiles.
2. Click New.
3. Type a Name and Description.

4. In the Card Encoding section, select Intel Virtual Smart Card (Only).

   

5. In the Issuance Settings section, you can select the following options:

   • Validate Issuance
   • Lifetime
   • Terms and Conditions

   • Credential Group

     Important: Do not issue more than one Intel Authenticate VSC to a user on a device. To manage this, you can use the credential groups feature in MyID to create a credential group for your Intel VSCs, then set the Active credential profiles per person configuration option to One per credential group; see the Credential group section in the Administration Guide for details.

   • Generate Logon Code

   See the Issuance Settings section in the Administration Guide for details of these options.

   The other options in this section are not suitable for Intel Virtual Smart Cards.

6. In the PIN Settings section, set the following:

   • PIN Algorithm – EdeficePinGenerator
   • Protected Key – select the PIN generation key you created to protect the Intel Virtual Smart Card PINs. See section 4.3, Creating the PIN protection key.
7. Click Next.

8. Select the certificates you want to issue to the Intel Virtual Smart Card.

   Do not select any certificates that are set for key archival.

   Make sure that you select a certificate that can be used for signing; this is required to allow the user to log in to Windows with their Intel Authenticate VSC.

   Note: For each certificate you select, an Intel Protected Transaction Display PIN entry dialog may appear when you issue the credential, depending on the configuration of the Intel Authenticate policy; the Certificate enrollment does not require user to authenticate option determines whether this appears.

9. Click Next and complete the workflow.

   See the Managing credential profiles section in the Administration Guide for details.