10.4 Launching MyID Desktop
You can launch MyID Desktop from the shortcut installed by the installation program, from the command line, or from a hyperlink. You can also specify various options on the command line or hyperlink.
10.4.1 Launching MyID Desktop with a specific server
When you install MyID, you can specify multiple servers in the list of allowed server addresses; see section 10.2, Installing MyID Desktop. For information on changing the server address after installation, see section 10.3.3, Server location. This feature allows you to configure MyID Desktop to be able to connect to multiple servers (for example, if you have a test server and a production server).
By default, MyID Desktop connects to the first server in this list. If you want to connect to any of the other servers, you can specify the server address on the command line using the /server option.
MyIDDesktop.exe /server:<address>
where:
- <address> is one of the allowed server addresses.
For example:
MyIDDesktop.exe /server:https://testserver
10.4.2 Launching MyID Desktop with a specific workflow
You can launch MyID Desktop using a workflow ID on the command line:
MyIDDesktop.exe /opid:<value>
where:
- <value> is the ID of the workflow you want to launch.
See section 10.4.8, Workflow IDs for a list of workflow IDs.
Note: The user must have access to the specified workflow.
10.4.3 Launching MyID Desktop for credential activation
You can launch MyID Desktop to start up at the credential activation screen:
MyIDDesktop.exe /activate /sn:<serial> /dt:<device>
where:
-
<serial> is the serial number of the credential you want to activate.
Note: If the serial number contains alphabetical characters, you must ensure that the case matches the case of the serial number stored in the MyID database.
- <device> is the type of the credential you want to activate. If the type contains spaces, enclose the name in quotes.
For example:
MyIDDesktop.exe /activate /sn:123456789 /dt:"Oberthur ID-One PIV"
10.4.4 Launching MyID Desktop for credential unlocking
You can launch MyID Desktop to start up at the credential unlocking screen:
MyIDDesktop.exe /unlock /sn:<serial> /dt:<device>
where:
-
<serial> is the serial number of the credential you want to unlock.
Note: If the serial number contains alphabetical characters, you must ensure that the case matches the case of the serial number stored in the MyID database.
- <device> is the type of the credential you want to unlock. If the type contains spaces, enclose the name in quotes.
For example:
MyIDDesktop.exe /unlock /sn:123456789 /dt:"Oberthur ID-One PIV"
10.4.5 Launching MyID Desktop with a logon code
If a user has been provided with a one time logon code for logging into MyID Desktop, you must start the program using the /lc command-line option.
You must also specify a workflow using the /opid command-line option.
See section 10.4.8, Workflow IDs for a list of workflow IDs.
For example:
MyIDDesktop.exe /opid:216 /lc
10.4.6 Launching MyID Desktop with automatic Windows Logon
You can configure MyID Desktop to attempt to log on using Integrated Windows Logon when it starts up, instead of having to select the option on the logon screen:
MyIDDesktop.exe /lw
You can optionally specify a workflow using the /opid command-line option.
See section 10.4.8, Workflow IDs for a list of workflow IDs.
For example:
MyIDDesktop.exe /lw /opid:216
See the Integrated Windows Logon section in the Administration Guide for details of setting up your system to allow Integrated Windows Logon.
10.4.7 Launching MyID Desktop from a hyperlink
When you install MyID Desktop, it registers the myiddsk: protocol – this means that you can click on hyperlinks on web pages and email messages to launch MyID Desktop.
Using the hyperlink mechanism, you can specify the following:
-
Launch a workflow using the /opid option.
See section 10.4.8, Workflow IDs for a list of workflow IDs.
Note: The user must have access to the specified workflow.
- Launch the activation mechanism for a specific credential using the /activate option with the /sn and /dt options to specify the serial number and device type of the credential to be activated.
- Launch the unlock process for a specific credential using the /unlock option with the /sn and /dt options to specify the serial number and device type of the credential to be unlocked.
- Allow the user to log on with a logon code using the /lc option.
- When using a logon code, you must also specify a workflow using /opid.
- Allow the user to attempt to log on with Integrated Windows Logon using the /lw option.
- When using the /lw option, you can optionally specify a workflow using /opid.
- Launch MyID Desktop with a specific server using the /server option.
Examples:
myiddsk://
myiddsk:///opid:216
myiddsk:///activate+/sn:123456789+/dt:Oberthur+ID-One+PIV
myiddsk:///unlock+/sn:123456789+/dt:Oberthur+ID-One+PIV
myiddsk:///lc+/opid:216
myiddsk:///lw
myiddsk:///lw+/opid:216
myiddsk:///server:https:%2F%2Ftestserver
Note: Make sure you replace spaces in the URL with +. Do not enclose the device type name in quotes. You must encode the forward slashes in the server address with %2F codes.
When you click a link in another application (for example, in a browser, in an email, or within a document) a warning message is displayed. Click Allow or Yes (depending on the application) to open the link. You may also be able to deselect the Always ask before opening this type of address to prevent the warning message from appearing again.
10.4.8 Workflow IDs
The following table contains a list of the MyID operation IDs; this includes, but is not limited to, the workflows available in MyID. You can use this, for example, when launching a MyID client with a specific workflow.
Note: Not all workflow IDs will be available within your implementation of MyID. For example, there are some workflows that have been superseded by newer versions; make sure you test your implementation to ensure you are using the correct version of the workflow. Also, some IDs are used for additional permissions within workflows, rather than workflows themselves.
The master list of workflow IDs is available in the Operations table in the MyID database.
|
ID |
Name |
|---|---|
|
105 |
Amend Group |
|
295 |
Assign Card |
|
405 |
Audit Reporting |
|
221 |
Batch Request Card |
|
299 |
Cancel Credential |
|
2978 |
Card PIN |
|
811 |
Certificate Authorities |
|
702 |
Certificate Requests |
|
202 |
Change PIN |
|
117 |
Change Security Phrases |
|
5002 |
Collect Card |
|
216 |
Collect My Card |
|
242 |
Collect My Updates |
|
807 |
Credential Profiles |
|
831 |
Directory Management |
|
103 |
Edit Person |
|
806 |
Edit Roles |
|
834 |
Email Templates |
|
224 |
Enable / Disable Card |
|
296 |
Erase Card |
|
837 |
External Systems |
|
234 |
Identify Card |
|
215 |
Issue Card |
|
701 |
Issued Certificates |
|
815 |
Job Management |
|
836 |
Key Manager |
|
823 |
Licensing |
|
819 |
List Editor |
|
141 |
Manage Additional Identities |
|
1002 |
Manage Global Platform Keys |
|
142 |
Manage My Additional Identities |
|
410 |
MI Reports |
|
843 |
Notifications Management |
|
816 |
Operation Settings |
|
106 |
Remove Group |
|
109 |
Remove Person |
|
212 |
Request Card |
|
218 |
Request Card Update |
|
297 |
Reset Card PIN |
|
703 |
Revoked Certificates |
|
813 |
Security Settings |
|
409 |
System Status |
|
5000 |
Unlock Credential |
|
122 |
Unlock My Security Phrases |
|
121 |
Unlock Security Phrases |
|
213 |
Validate Request |
|
113 |
View Person |