7.7 After you upgrade

After you have completed the installation process for the new version of MyID, you may have to carry out some additional configuration before your system is fully operational.

7.7.1 Reviewing web server security

Upgrading your MyID system may reset some of your IIS configuration, if you have made changes manually or using PowerShell scripts; for example, setting up SSL/TLS on your websites. You must review your IIS settings after upgrade to ensure that everything is configured correctly.

7.7.2 Upgrading clients

You are recommended to upgrade your clients (Self-Service App, MyID Desktop, and MyID Client Service) on each client PC when you upgrade MyID. Older versions of the MyID clients may continue to operate with reduced functionality, and may experience problems when attempting to use new functionality.

7.7.3 Upgrading credential profiles

After you have upgraded your system, you must use the Credential Profiles workflow to upgrade each credential profile to the latest version.

To upgrade a credential profile:

1. From the Configuration category, select Credential Profiles.
2. From the Select Profile drop-down list, select the profile you want to edit.
3. Click Modify.
4. Click Next on each screen until you complete the workflow.

The profile is updated to the latest version of the software.

7.7.4 Upgrading roles

The upgrade process can make changes to the roles set up on your system. Check that your role assignments are correct after you have completed the upgrade.

When you install MyID, the System role is granted permission to all the workflows in MyID. Make sure you review your security requirements for this role after upgrading MyID.

7.7.5 Modifying an existing installation

If you want to use the installation program to modify your installation of MyID after the original installation is completed, see section 8.4, Modifying the installation.

7.7.6 Upgrading systems with a startup user

If you are using a startup user configured using GenMaster, after you upgrade your system to the latest version of MyID you may not be able to use that account to log on to MyID. To reset the startup user, run GenMaster again and select the Configure startup password option. See section 8.5.1, Running GenMaster for details.

Note: Startup users are intended only for bootstrapping your system, and are not intended for long-term use. See the System Security Checklist document for details.

7.7.7 Upgrading customized configuration

If you have made any changes to configuration files, such as the myid.config file for the various MyID web services, you must merge in the changes from the backups you made before you installed the new version.

You may also have to re-implement translations. For information about translating the text for all on-screen elements in the client applications, contact Intercede customer support, quoting reference SUP-138.

If you have further customizations on your system and would like assistance with the upgrade process, contact customer support quoting reference SUP-300.

7.7.8 Upgrading systems with multiple databases

Your MyID system may have multiple databases; for example, a separate audit database, an audit archive database, or a binary objects database. You configure MyID to point to the appropriate database by configuring its .udl files; you are recommended to back up these files in the Windows SysWOW64 folder (for 32-bit MyID before version 12.0.0) or System32 folder (for 64-bit MyID from 12.0.0 on) before you start the upgrade; after you have installed the new version of MyID, you may have to reconfigure each of these files to point to the appropriate database.

For more information about setting up your MyID system to use multiple databases, see the Database configuration section in the Advanced Configuration Guide.

7.7.9 Upgrading systems that use Integrated Windows Logon

If your system uses Integrated Windows Logon, you must reconfigure the web services and carry out any configuration in IIS for Integrated Windows Logon. See the Configuring the MyID web services for Integrated Windows Logon section in the Web Service Architecture guide and the Integrated Windows Logon section in the Administration Guide for details.

7.7.10 Supporting older clients

MyID has an improved envelope mechanism. This provides enhanced security for data transferred between MyID clients and the MyID server. When you install MyID, it is configured to support the new Envelope Version 1.3 instead of the previous Envelope Version 1.2. This affects whether you can use older clients to access MyID:

• Windows clients (MyID Desktop, Self-Service App, and Self-Service Kiosk) that use MyID Client Components version UMC-10.1.1000.14 or later (as provided with MyID 10.1) support the new Envelope Version 1.3.
• Windows clients using older versions of the MyID Client Components support only the previous Envelope Version 1.2.

You can choose which envelope mechanisms to support in MyID; if you need to maintain support for older clients, you must enable support for Envelope Version 1.2.

To select the envelope mechanisms:

1. Install the latest MyID Desktop.
2. Within MyID Desktop, from the Configuration category, select Security Settings.

3. On the Server tab, set the following:

   • Allow envelope version 1.2 – MyID allows clients to connect using the older envelope mechanism. All clients support this mechanism.

   • Allow envelope version 1.3 – MyID allows clients to connect using the updated envelope mechanism. Windows clients from MyID 10.1 support this mechanism.

   Note: Do not deselect both options. If you deselect both options, no clients will be able to access MyID, and you will be locked out of the system. If you accidentally deselect both options, contact customer support, quoting reference SUP-140.

4. Click Save changes.

Note: If you have enabled envelope version 1.2, then subsequently decide to disable it and use envelope version 1.3 only, you may experience some problems when you set the option in the Security Settings workflow. After you click Save changes to set Allow envelope version 1.2 to No and Allow envelope version 1.3 to Yes, MyID Desktop cannot communicate with the server through its current connection, and you will see an error similar to:

An error occurred on the server when processing the URL. Please contact the system administrator.
If you are the system administrator please click here to find out more about this error.

Close MyID Desktop (this may present additional errors, which you can safely ignore). When you open MyID Desktop again, it will use envelope 1.3 and work correctly.