8.2 Credential profile setup for PIN generation

You can configure MyID to generate PINs when issuing smart cards.

For details of the available options in the credential profile, see the PIN Settings section in section 9.2.1, Credential profile options.

You are recommended to set the PIN Settings and PIN Characters options in the credential profile to match the required PIN policy for the device. The options available depend on the card type you are using; you may not be able to change some options on all card types, as they are set at manufacture, but you are recommended to make sure the options match the generated PINs to prevent any conflict with the PIN rules on the card.

The PIN generators use the following PIN characters:

8.2.1 PIN generation for issuance

For smart card issuance, set the Issue With option to Server Generated PIN, then select the options you want to use in the credential profile to specify server-side PIN generation.

For example, to use a known algorithm to generate a repeatable 8-digit PIN, set the following options:

You can use the known algorithm to generate the PIN on another system using the protected key and the card serial number, and provide the PIN to the cardholder. See section 8.3, EdeficePinGenerator PIN generation algorithm or section 8.4, EdeficePolicyPinGenerator PIN generation algorithm for details of using the algorithm to generate the PINs.

To use a random server-generated 8-digit PIN, set the following options:

Note: A PIN generated using the RandomPinGenerator is displayed on screen only during the Issue Card workflow; if you are using any other workflow to issue the card, you must select the Email PIN option in the credential profile, and configure MyID to send email notifications.