23.3 Setting up authentication methods for activation
The authentication methods available for the Activate Card and Assisted Activation workflows are configured by a combination of the credential profile used to issue the card, global configuration options, and, in the case of Assisted Activation only, the operator's role configuration.
On the credential profile:
- Require Fingerprints at Issuance – to require fingerprints for activation, set to Always Required. If you set this to System Default, MyID looks at the Activation Authentication option.
-
Activation Authentication – set to one of the following:
- Biometric – biometric authentication is used to activate the card.
- Authentication Code (Manual) – an authentication code is required to activate the card. An operator must request an authentication code.
- Authentication Code (Automatic) – an authentication code is required to activate the card. An authentication code is emailed to the applicant when the card is issued.
Note: If you want to use both biometrics and authentication codes, set the Require Fingerprints at Issuance option to Always Required and set the Activation Authentication option to an authentication code option.
If you set the Activation Authentication option to System Default, MyID looks at the configuration options.
On the Operation Settings workflow:
- If the Verify fingerprints during card creation configuration option (on the Biometrics tab of the Operation Settings workflow) is set, and both Require Fingerprints at Issuance and Activation Authentication are set to System Default on the credential profile, the user must provide their fingerprints to activate their card.
-
If both Require Fingerprints at Issuance and Activation Authentication are set to System Default on the credential profile, and the Verify fingerprints during card unlock configuration option is set to No, you must configure at least one operator override option for use in the Assisted Activation workflow (Identity Documents or Operator Approval) or you will be unable to complete the activation of the card.
For the Assisted Activation workflow only, you can configure the operator override options using the Edit Roles workflow. The operator's role settings determine what options they can use if the cardholder cannot provide their fingerprints for some reason.
Note: The operator cannot override authentication codes.
In the Edit Roles workflow, under the Assisted Activation option for the operator's role, select the following options:
- Biometric Bypass – Select this option to allow the operator to bypass the fingerprint authentication stage if the cardholder cannot provide their fingerprints for some reason (for example, an injury). You must select this option if you want bypass the authentication; you must also select Identity Documents or Operator Approval to provide a method of continuing with the card activation.
-
Identity Documents – Select this option to allow the operator to record details of the cardholder's identity documents as an alternative to fingerprint authentication.
Note: The list of available documents is determined by the Authenticate Person Document1 and Authenticate Person Document2 lists. To edit these lists, use the List Editor. See the section 15, Changing list entries for details.
- Operator Approval – Select this option to allow the operator to approve the authentication personally. The operator must provide a reason why they are providing approval.
- Reject Authentication – Select this option to allow the operator to complete the workflow without activating the card, while recording their observations and reasons for rejecting the authentication.