6.5 Setting up parent/child credential profiles for VSCs
You can set a credential profile to be a parent credential profile; this is then available to be selected as the parent for one or more child credential profiles. Child credential profiles can be used only for VSCs.
If you issue a user a VSC using a child credential profile, they can use the VSC until they are issued a credential using the parent credential profile; at this point, MyID creates a job that will lock the child VSC.
This is used, for example, in the situation where your users are issued VSCs only until they are issued more permanent smart card credentials.
Note: You cannot delete a credential profile if it has been marked as the parent of another credential profile.
To enable this feature, set the Allow parent and child credential profiles option (on the Issuance Processes tab of the Operation Settings workflow) to Yes.
To set up parent and child credential profiles:
- From the Configuration category, select Credential Profiles.
- Create a new credential profile, or edit an existing credential profile.
-
In the Issuance Settings section, set the following:
- To set the credential profile as a parent, select the Is Parent Profile option.
- To set the credential profile as a child, from the Parent Credential Profile drop-down list, select the parent profile you want to use.
Note: For child credential profiles, you must have Microsoft Virtual Smart Card selected as one of the card encoding options.
- Click Next and complete the workflow.
Note: Under some circumstances, it may be possible for users to use MyID Desktop or the Self-Service App to reset the PIN on their deactivated VSC and use it when it is not required; to ensure that an emergency VSC can be used only when an operator has permitted it, you are recommended to set up authentication codes as activation authentication on the child credential profile; this means that an operator will have to request and issue an authentication code before the user can unlock their VSC.