30.10 Issuance Processes page (Operation Settings)
Setting |
|
Default value |
One per credential group |
Description |
This option allows you to control issuance of different types of credentials to users; for example, you might want to issue one smart card, one USB token, and so on. |
Further information |
Setting |
|
Default value |
No |
Description |
Must be set to Yes to allow SSRP to issue a derived credential to a cardholder whose original credential was issued by a different system. The unknown user is added to MyID. |
Further information |
See the MyID configuration options section in the Derived Credentials Self-Service Request Portal guide. |
Setting |
|
Default value |
No |
Description |
Used for VSCs. |
Further information |
See the Setting up parent/child credential profiles for VSCs section in the Microsoft VSC Integration Guide. |
Setting |
|
Default value |
No |
Description |
Determines whether requests for credentials can be created if the person's user data approved status is not set. Set this option to Yes to allow an operator or the Lifecycle API to request credentials even if the person's user data approved status is not set. Even though the request can be created, if the Require user data to be approved option on the credential profile is set, the request cannot be approved or collected until the person's user data approved status is set. Set this value to No to prevent credentials from being requested when the person's user data approved status is not set and the Require user data to be approved option on the credential profile is set. |
Further information |
|
Setting |
|
Default value |
|
Description |
The URL for the Android version of the MyID Identity Agent. Leave blank to hide this option. If you click on a provisioning URL on a mobile device, but do not have the Identity Agent app installed, this link is displayed to allow you to download the app and try again. For derived credentials, the URL is embedded into the QR code that is displayed to the user and allows them to download the Identity Agent app when using the Self-Service Kiosk to collect Derived Credentials. |
Further information |
See the Configuring SMS and email notifications section in the Mobile Identity Management guide |
Setting |
|
Default value |
|
Description |
The URL for the iOS version of the MyID Identity Agent. Leave blank to hide this option. If you click on a provisioning URL on a mobile device, but do not have the Identity Agent app installed, this link is displayed to allow you to download the app and try again. For derived credentials, the URL is embedded into the QR code that is displayed to the user and allows them to download the Identity Agent app when using the Self-Service Kiosk to collect Derived Credentials. |
Further information |
See the Configuring SMS and email notifications section in the Mobile Identity Management guide Note: Due to restrictions imposed by Apple, the URL must be opened in the Safari browser and must link to a page that contains a link to the app to download; the user can then select this link. The URL cannot be a direct link to the app file itself. |
Setting |
|
Default value |
240 |
Description |
The time (in seconds) to be spent attempting to issue a card before canceling the process. |
Further information |
|
Setting |
|
Default value |
40 |
Description |
The time (in seconds) to be spent attempting to detect a card before it is rejected. |
Further information |
|
Setting |
|
Default value |
30 |
Description |
The time (in seconds) that MyID will wait before allowing another print command to be sent once the card has been removed from the printer. |
Further information |
|
Setting |
|
Default value |
Ask |
Description |
Enable the automatic submission of the Print Card stage. |
Further information |
|
Setting |
|
Default value |
300 |
Description |
Timer value (in seconds) for automatically submitting certain forms. |
Further information |
|
Setting |
|
Default value |
2,245 |
Description |
If a user logs in with pending jobs, run the first workflow listed that they have access to. Workflows should be listed as option,operationid;option,operationid and so on. For example: 2,245 – this automatically launches the Activate Card workflow. |
Further information |
See the Workflow IDs section in the Installation and Configuration Guide for a list of the workflow IDs available in MyID. |
Setting |
Automatically create card update jobs when additional identities are modified |
Default value |
No |
Description |
Create card update jobs automatically on changes to additional identities. |
Further information |
See section 25, Additional identities for details. Note: Changes carried out using the Credential Web Service API create update jobs whether this option is set to Yes or No. See the Credential Web Service document for details. |
Setting |
|
Default value |
15 |
Description |
The number of seconds to allow a card to be read before timing out in the Batch Encode Card workflow. |
Further information |
|
Setting |
|
Default value |
No |
Description |
If set, an operator can change the credential profile when approving a request. Note: This affects requests approved through the MyID Operator Client only. |
Further information |
See the Approving requests section in the MyID Operator Client guide. |
Setting |
|
Default value |
Ask |
Description |
Whether credential profile details are displayed when a card is issued. |
Further information |
|
Setting |
|
Default value |
No |
Description |
Controls whether the Unrestricted Cancellation option appears in the Issuance Settings section of the Credential Profiles workflow. This option allows you to re-use a card without first canceling it. |
Further information |
|
Setting |
|
Default value |
No |
Description |
If set, credentials will be issued with an expiry date set to the end of day, that is, 23:59:00 UTC. The time zone setting of the operator's workstation may affect the expiry date. Because the expiry time is 23:59:00 UTC, to ensure that the expiry time is in the future, if the operator's workstation is behind UTC (for example, PDT, which is UTC -7) the expiry is set to 23:59:00 UTC on the following date. This prevents the case where, for example, on January 1 at 20:00:00 PDT an operator requests a same-date expiry. An expiry date of 23:59:00 UTC on January 1 would be in the past, but an expiry date of 23:59:00 UTC on January 2 is still in the future. Note: This setting is designed for devices requested through the MyID Operator Client. Note, however, that even if the devices were requested through the MyID Operator Client, the expiry date is not set to the required value if the devices are collected through the Issue Card or Collect My Card workflows. All other methods of collecting devices work as expected. This setting affects requests made in MyID Desktop only under the following circumstances:
Under the above circumstances, when you collect the device, the time is set to 23:59:00 UTC. When this option is set to the default NO, the time is set to 00:00:00 UTC (the start of the day). This setting also affects the CardExpiryDate and MaxRequestExpiryDate nodes in the Lifecycle API; if the Expire Cards at End of Day configuration option is set to Yes, the time portion of the expiry date is set to 23:59 UTC. If the Expire Cards at End of Day option is set to No, the time portion is set to 00:00 UTC. Note: This setting does not affect any existing expiry dates, whether for requests already created, or maximum credential expiry dates already set for users. Note: Some CAs do not allow control over the time portion of the certificate expiry. When MyID sets the lifetime of the certificate, the date is set as expected, but the time may not match exactly, depending on the certificate authority being used. |
Further information |
See the CardExpiryDate and MaxRequestExpiryDate sections in the Lifecycle API document, the Setting expiry dates for a card section in the Operator's Guide, and the Approving requests section in the MyID Operator Client guide. |
Setting |
|
Default value |
No |
Description |
Whether a card update can be performed manually. This allows you to select which updates to apply to the card from the list of available updates. |
Further information |
|
Setting |
|
Default value |
1 |
Description |
This is the maximum number of multiple credential requests that will be accepted. |
Further information |
See the Requesting multiple cards section in the Operator's Guide. |
Setting |
|
Default value |
1 |
Description |
The maximum number of multiple credential requests that will be accepted without secondary validation. |
Further information |
See the Requesting multiple cards section in the Operator's Guide. |
Setting |
|
Default value |
Choose at request |
Description |
Determines how the one-time password for job authentication is delivered. Choose one of the following: Display on screen Both Choose at request |
Further information |
Setting |
|
Default value |
5 |
Description |
The number of seconds between printing a card and issuing. |
Further information |
|
Setting |
|
Default value |
10 |
Description |
This is the time in seconds to pause between sending requests to the printer. |
Further information |
Used with the Fargo SDK for Fargo printers. |
Setting |
|
Default value |
No |
Description |
Whether the device profile is reloaded onto the card during issuance. Used for Thales authentication devices. |
Further information |
|
Setting |
|
Default value |
No |
Description |
Displays an extra option in the Credential Profiles workflow that allows you to restrict issuance to user accounts with specific user attribute mappings. |
Further information |
|
Setting |
|
Default value |
No |
Description |
When a card update is collected, any GlobalPlatform or PIV 9B keys associated with the device will also be updated if they are found to be out of date. |
Further information |
See section 7.3.8, Rotating customer keys for details. |
Setting |
|
Default value |
No |
Description |
If set to Yes, the operator can specify a credential profile when renewing a device. Note: This setting affects devices renewed through the MyID Operator Client only. |
Further information |
|
Setting |
|
Default value |
No |
Description |
If set to Yes, the operator can specify a date for expiry of credentials when they are requested. Note: This setting affects the MyID Operator Client and MyID Desktop only. Requests created using APIs directly are not affected. |
Further information |
|
Setting |
|
Default value |
Yes |
Description |
Set to Yes to display all credential profiles, whether or not they meet the Requisite User Data requirements. Set to No to hide any credential profiles that do not meet the Requisite User Data requirements. Note: This setting affects the display of credential profiles in the MyID Operator Client only. |
Further information |
Setting |
|
Default value |
Yes |
Description |
Set to Yes to display the Card Content button on the Audit workflow. |
Further information |
|