3.5 Authenticating users

The Authenticate Person workflow allows a MyID operator to authenticate the identity of a cardholder. The authentication is recorded in the MyID audit trail.

This workflow allows you to carry out authentication when your process requires it; for example, for FIPS 201-3, you must confirm the identity of the cardholder before carrying out changes on their card.

Note: MyID does not enforce the authentication of cardholders for operator-led workflows, but by recording the details of the authentication in the audit trail it allows you to verify that your operators have been following the process correctly.

The Authenticate Person workflow allows the following methods of authentication:

  • Match Enrolled Fingerprints
  • Identity Documents
  • Operator Approval
  • Security Phrases

You can control which methods of authentication are available to operators using the Edit Roles workflow. Underneath the Authenticate Person workflow in the list of available options, you can select which methods are available to operators with that role.

To authenticate a cardholder:

  1. From the People category, select Authenticate Person.

    You can also launch this workflow from the View Person screen in the MyID Operator Client; this launches the workflow with the person already selected. See the Authenticating a person section in the MyID Operator Client guide for details.

  2. In the Find Person screen, type the details of the person you want to authenticate, then click Search.
  3. Select the person you want to authenticate from the list of search results.

  4. Select the authentication mechanism.

    The list of available authentication mechanisms is determined by your MyID role permissions.

    For Match Enrolled Fingerprints:

    Select the fingerprint you want to match, and guide the cardholder to use the fingerprint scanner.

    For Identity Documents:

    Record the details of two identity documents provided by the cardholder, including:

    • Title – the type of document.
    • Issued by – the issuer of the document.
    • Number – the serial number of the document.
    • Expiration – the expiration date of the document.

    Note: The list of available documents is determined by the two Title lists. To edit these lists, use the List Editor. See the Changing list entries section of the Administration Guide for details.

    For Operator Approval:

    Provide the details of your manual authentication of the cardholder. Include as many details as possible as to why the cardholder could not provide fingerprints or identity documents.

    For Security Phrases:

    Ask the user their security questions and type the answers, then click Verify Phrases.

    The number of questions you need to ask is independent of the number of questions the user has stored in the system – for example, the user may have four questions stored, and you may be required to ask two of them for operator-led authentication.

    For more information on setting the number of security phrases required to authenticate, see the Setting the number of security phrases required to authenticate section of the Administration Guide.

  5. Type your comments in the Comments box. These comments are included in the MyID audit trail.
  6. Click Authenticate to approve the cardholder's identity or Reject if you are not satisfied.
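
The note earlier in this section says MyID records authentications in the audit trail but does not enforce them for operator-led workflows. The following added example (not MyID code) shows one way to check an exported audit trail for card changes that lack a recent approved authentication. The CSV columns, the outcome values, the CARD_CHANGE_PLACEHOLDER operation label and the 15-minute window are assumptions for illustration, not MyID's actual audit schema.

```python
import csv
import io
from datetime import datetime, timedelta

# Assumed labels for a hypothetical CSV export; not MyID's real audit schema.
AUTH_OPERATION = "Authenticate Person"      # workflow name from this page
APPROVED = "Authenticate"                   # assumed outcome value (vs "Reject")
GUARDED_OPS = {"CARD_CHANGE_PLACEHOLDER"}   # placeholder for your card-change workflows

# Constructed sample records, deliberately not in time order.
SAMPLE_AUDIT_CSV = """timestamp,operator,operation,cardholder,outcome
2024-05-01T09:00:00,op.alice,Authenticate Person,jsmith,Authenticate
2024-05-01T09:04:00,op.alice,CARD_CHANGE_PLACEHOLDER,jsmith,Success
2024-05-01T10:00:00,op.bob,CARD_CHANGE_PLACEHOLDER,mjones,Success
2024-05-01T11:00:00,op.bob,Authenticate Person,tlee,Reject
2024-05-01T11:02:00,op.bob,CARD_CHANGE_PLACEHOLDER,tlee,Success
2024-05-01T08:00:00,op.carol,Authenticate Person,kwong,Authenticate
2024-05-01T12:30:00,op.carol,CARD_CHANGE_PLACEHOLDER,kwong,Success
"""

def find_unauthenticated_changes(audit_csv, guarded_ops, window=timedelta(minutes=15)):
    """Return guarded operations with no approved authentication inside `window`."""
    rows = sorted(csv.DictReader(io.StringIO(audit_csv)),
                  key=lambda r: datetime.fromisoformat(r["timestamp"]))
    last_approved = {}   # cardholder -> time of latest approved authentication
    findings = []
    for r in rows:
        ts, who = datetime.fromisoformat(r["timestamp"]), r["cardholder"]
        if r["operation"] == AUTH_OPERATION:
            if r["outcome"] == APPROVED:
                last_approved[who] = ts
            else:
                last_approved.pop(who, None)   # a rejection voids any earlier approval
        elif r["operation"] in guarded_ops:
            seen = last_approved.get(who)
            if seen is None:
                reason = "no approved authentication"
            elif ts - seen > window:
                reason = "authentication too old"
            else:
                continue
            findings.append((r["timestamp"], r["operator"], who, reason))
    return findings

if __name__ == "__main__":
    for finding in find_unauthenticated_changes(SAMPLE_AUDIT_CSV, GUARDED_OPS):
        print(*finding, sep=" | ")
```

The check matches on cardholder only; if your process requires the same operator to authenticate and then make the change, add the operator to the lookup key.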