5.1 Issuing cards

You can issue a card directly, or you can request a card that the user can then pick up. Depending on how your system is set up, it may be necessary to validate a card request before the card can be collected.

5.1.1 Issuing a card

The Issue Card workflow allows you to issue a card to a MyID user. The user must already exist in the database before you can issue a card.

To issue a card:

1. From the Cards category, click Issue Card.
2. Use the Find Person stage to search for the person to whom you want to issue a card.

3. Select the person. The Select Credential Profile screen appears.

   

   Click the Details button to view the details of the profile that is currently selected. Click Hide to return to the original view.

4. Select the profile you want to use from the drop-down list, then click OK.

   

5. Insert a blank card into the reader.

6. In the Create Card stage, enter or view the PINs for the card:

   • If the card has a contact chip, type and confirm its PIN.
   • For each hardware and software one time password:
     • If the type of password required in the profile is User, type and confirm the PIN.
     • If the type of password required is Device, the PIN is the same as the PIN for the contact chip.
     • If the type of password required is Server, the PIN is generated.
     • If the type of password required is None, there is no PIN.

   Click Details to show details of the information that will be written to the card (see below). Click Hide to show the summary.

   

7. Click Next.

   MyID then writes any certificates to the new card.

If there is a problem when issuing the card, you may be able to select a different credential profile or card to attempt to issue the card again.

5.1.2 Requesting a card

The Request Card workflow allows you to request a card that can be collected later using the Collect Card or Collect My Card workflows. Depending on how your system is set up, it may be necessary to validate a card request before the card can be collected.

To request a card:

1. From the Cards category, click Request Card.
2. Use the Find Person stage to search for the person to whom you want to issue a card.
3. Select the person. The Select Credential Profile screen appears.
4. Select the credential profile you want to use from the drop-down list.

5. To request a card using this profile, click Request Card.

   To pre-allocate a specific card, click Assign Card:

   • If the Allow card serial number to be entered during Request Card workflow option is set to Yes, you can enter the serial number.

     You can include ? and * as wildcard characters; any unassigned devices, or devices with unrestricted cancellation, that match the search criteria are displayed; the device serial numbers must already be known to MyID. If more than 10 devices match the search criteria, you must search again with more restrictive criteria.

   • Alternatively, insert the card you want to allocate.

   MyID creates the card request job.

• IKB-367 – Problem adding a user from Active Directory where the logon name already exists in MyID

  A problem has been identified when the following scenario occurs:

  • A user account is added to MyID from Active Directory.

  • The user account is removed from Active Directory, but no removal of the account from MyID takes place.

  • A new user account is created in Active Directory with the same logon name.

  • An attempt is made to request credentials for that user account in MyID.

  When this occurs, errors similar to the following appear:

  • In the Request Card workflow in MyID Desktop:

    There has been a problem validating the user due to missing or invalid data

  • In the Request Device screen in the MyID Operator Client:

    Validation problem, the value for 'logonName', 'Logon', already existsError number: WS40001

  As a workaround, you can remove the user account from MyID using Remove Person and repeat the steps to create the new request.

5.1.3 Validating a card request

If the credential profile has the Validate Issuance option set in the Issuance Settings, you must validate a card request before the card can be issued. The validator must be a different person than the person who requested the card or the person to whom the card will be issued.

The Validate Request workflow allows you to validate a card request.

To validate a request:

1. From the Cards category, click Validate Request.

2. Enter the search details for the job, then click Search.

   

3. From the list of jobs, select the card request you want to validate, and click Next.

   

4. You can select a different credential profile from the list if necessary.

5. Click one of the following options:

   • Accept to validate the card request. The card can now be issued.
   • Reject to reject the card request. The card can not be issued.

5.1.4 Collecting a card

You can collect a card that has been requested for another user.

To collect a card:

1. From the Cards category, click Collect Card.

   

2. Enter the search details for the job, then click Search.

   For details of using search filters, see section 2.2.3, Using advanced search.

3. Select the job from the list.

   

4. Make sure that the details of the job are correct. This screen lists the following:

   • On the Issuance Policy tab, details about the credential profile that will be used to issue the card.
   • On the Content tab, details about the card content, including format and certificates.
   • On the Job Details tab, details about the request and approval of the card, the job label, and any assigned card details.

5. Click Next.

   

6. Select the following option:

   • Smart Card Reader – select this option to issue the card using a card reader attached to your PC.

7. Insert a card into the card reader.

   If there is more than one suitable card inserted, select the card you want to use. If only one suitable card is inserted, the workflow automatically moves on to the next stage.

8. Depending on how your system is configured, you may see a warning at this stage; when you install MyID, the settings on the Device Security page of the Security Settings workflow are configured to require you to use customer GlobalPlatform keys and random Security Officer PINs (SOPINs). The system is also configured to display warnings if your system is not securely configured. See the Device Security page (Security Settings) section in the Administration Guide for details.
9. Click Next.

10. Click Next.

    

11. Type the PIN for the card in the Enter PIN box, then again in the Confirm PIN box.

    MyID provides feedback on-screen that the PIN meets the requirements configured in the credential profile. Once you have entered and confirmed a valid PIN, click Continue.

    MyID writes the user's details and any configured certificates to the card.

    Note: If you are issuing prox-only cards, or combination chip and prox cards, if the prox part of the card is not detected at this stage, check the following:

    • The card is a prox card.
    • The card is the correct prox card with the correct serial number.
    • The prox portion of the card is working correctly.

12. If the credential profile is configured for a mailing document, you can print it at this point.

    

    Note: For details of configuring templates for mailing documents, contact customer support, quoting reference SUP-255.

13. Either select Print document, then click the Print button, or select Skip document printing.
14. Click Next.

The workflow completes.

• IKB-216 – Magnetic stripe only card issuance not supported in Collect Card

  It is not currently possible to use the Collect Card workflow to issue a card with magnetic stripe encoding only – that is, without additional contact chip or contactless encoding. Jobs that require magnetic stripe only are omitted from the search results.

5.1.5 Collecting your own card

You can collect a card that has been requested for you. You may be able to log on with your security phrases to collect your new card. If you have logged on with a card, you can collect updates that an administrator has requested for that card using the Request Card Update workflow.

To collect a card or an update:

1. From the Cards category, click Collect My Card.

   If you have more than one card request waiting, the list of jobs available for your card appears.

   

2. Select the job you want to collect, then click Next.

3. If the card was pre-allocated using the Assign Card option when it was requested, you must present the same card. Either insert the card with the specified serial number, or type the serial number (for cards with no contact chip).

   Follow the instructions on screen to collect your card or updates.

   If there is a problem when issuing the card, you may be able to select a different card to try again.