5.17 Reprovisioning cards

The Reprovision Card and Reprovision My Card workflows allow you to re-encode a card completely, based on the data in the MyID database, using the latest version of the credential profile used during issuance.

The card will have the same expiry date as the original card. New certificates may have longer expiration times than the original certificates, but these will not exceed the lifetime of the card itself. Certificates that were revoked externally to MyID will be replaced with new active certificates.

The card must not have been canceled or disabled, and the user's account in MyID must not have been disabled. For PIV systems, the cardholder must be approved for issuance.

Note: Reprovisioning erases and rewrites the card content. If you interrupt the reprovisioning process after the initial card authentication has taken place (for example, by pulling your card from the reader, canceling the workflow, or shutting down MyID) your smart card may be left in an unusable state. To remedy this, carry out the reprovisioning process again, or cancel and reissue the smart card.

These workflows are designed for reprovisioning smart cards only, not contactless tokens.

Validation is not required, even if the credential profile has the Validate Issuance option set.

Note: If you want to create a reprovision request then allow the cardholder to update their own smart card using the Self-Service App, you can use the Request Card Update workflow to request an update, selecting a reason that requires a reprovision. See section 5.7.2, Requesting a card update for details.

To reprovision a card:

  1. From the Cards category, select Reprovision Card.

    The Reprovision My Card workflow works in the same way as the Reprovision Card workflow, with the exception that you can reprovision only those cards that are assigned to you.

    Notes:

    • You can also launch the Reprovision Card workflow from the View Device screen of the MyID Operator Client. See the Reprovisioning a device section in the MyID Operator Client guide for details.

    • You can also launch the Reprovision My Card workflow from the self-service menu in the MyID Operator Client. See the Launching self-service workflows section in the MyID Operator Client guide for details.

  2. Insert a card to be reprovisioned.

    MyID checks the card and informs you if it can be reprovisioned.

    Click Change Card to rescan the available card readers on your PC.

    Note: The Change Card button does not appear if you launch this workflow from the MyID Operator Client.

  3. Select the Reason For Reprovision from the drop-down list.

    See section 6.5, Certificate reasons for details.

  4. Click Next.

    A warning appears. The wording of this warning differs between the Reprovision Card and Reprovision My Card workflows; the Reprovision Card version provides more information to the operator about what happens to the card and account during the process of reprovisioning the card.

  5. Click Continue.

  6. Type the New PIN and confirm it, then click Next.

    The card is now re-encoded with the latest information.