6.4 Setting up a credential profile for VSCs

Before you can issue a VSC, you must set up an appropriate credential profile within MyID.

Note: You cannot use the Validate cancellation option on VSC credential profiles.

Do not specify a data model for a Microsoft VSC; VSCs do not contain the required data structures.

Important: The Microsoft Virtual Smart Card option in the credential profile appears only when you have set the Microsoft virtual smart cards supported within MyID configuration option. See section 6.2, Setting the MyID configuration options for VSC issuance for details.

See the Managing credential profiles section in the Administration Guide for general instructions. Specific information for VSCs is given below:

  1. In Card Encoding, select Microsoft Virtual Smart Card.

    If you select other options in Card Encoding you may experience issues when collecting credentials; you are recommended to set up a credential profile that contains only Microsoft Virtual Smart Card in the Card Encoding section.

  2. In PIN Settings, set the Maximum PIN Length and Minimum PIN Length options.

    The card properties file for Microsoft VSCs in MyID has a maximum PIN length of 24, and a minimum PIN length of 8. You can specify PIN lengths in the credential profile within these values; if you specify a lower minimum, 8 is used, and if you specify a higher maximum, 24 is used.

    If you need to issue VSCs with PINs longer than 24, contact customer support, quoting reference SUP-313.

  3. In PIN Characters, select the options for the PIN used for VSCs.

    Card Profile PIN Characters

    You can determine whether uppercase letters, lowercase letters, numbers or symbols may be included (Optional), must be included (Mandatory) or cannot be included (Not Allowed).

  4. In Device Profiles, set the Card Format to None.

    VSCs do not support containers for biometrics and so on.

  5. Click Next.

  6. Select the certificates you want to use.

    Do not specify any containers for the certificates.

    Note: If you want to use a certificate for Integrated Windows Logon, make sure it has 2048-bit keys.

  7. Click Next.
  8. Select the roles you want to be able to issue the VSCs and the roles for which you want to request them. Click Next.
  9. Card layouts are not relevant for VSCs. Select card layouts only if you are going to be use the same credential profile for VSCs and for printed cards. Click Next.
  10. Add your comments in the box provided, then click Next to create the credential profile.