9 Managing credential profiles

Credential profiles collect together all of the elements that you want to be included when issuing credentials to a particular selection of people or devices.

Warning: You cannot issue credentials without a credential profile.

Note: If you want a simple credential profile so you can issue some credentials to check the operation of the system, see section 9.1, Using the provided credential profile.

Credential profiles define the following, some of which are optional:

• Basic credential profile details and usage

  This includes the services that are available, how they are issued, PIN settings, and any particular credential profiles to be incorporated.

• The certificates that may be written to the credential. (Optional)

  The certificate authority must be installed, operational and configured to work with MyID, or certificate policies will not be available for selection. See section 6, Certificate authorities.

• The roles associated with the profile: its availability.

  A range of roles is available by default. See section 4, Roles, groups, and scope for details.

  A credential profile can be associated with one or more roles. You can:

• Associate each role with a different credential profile.

  MyID selects the profile based on the role of the credential holder. The operator is not asked which profile to use when issuing credentials, unless the holder is associated with more than one role.

• Use the same credential profile for everyone.

• Associate more than one credential profile with a role.

  The operator has to choose which profile to use when requesting and issuing credentials.