3.2 Signing in

You can sign in to MyID through the MyID Operator Client using the following methods:

You can also launch the MyID Self-Service App from the screen to allow you to change your security phrases, for example, or reset your PIN; see section 3.2.8, Managing your credentials from the MyID Authentication screen.

3.2.1 Signing in using a smart card

For an operator to sign in to MyID using the MyID Operator Client with a smart card:

For more information on configuring MyID for smart card logon, see the Logon using a smart card and PIN section in the Administration Guide.

3.2.2 Signing in using security phrases

For an operator to sign in to MyID using the MyID Operator Client with security phrases:

For more information on configuring MyID for security phrase logon, see the Logon using security phrases section in the Administration Guide.

3.2.3 Signing in using Windows Hello

For an operator to sign in to MyID using the MyID Operator Client with a Windows Hello credential:

For more information on configuring MyID for Windows Hello logon, see the Setting up Windows Hello for logon section in the Windows Hello for Business guide.

3.2.4 Signing in using FIDO

For an operator to sign in to MyID using the MyID Operator Client with a FIDO authenticator:

For more information on setting up MyID for FIDO logon, see the Configuring MyID for FIDO logon section in the FIDO Authenticator Integration Guide.

3.2.5 Signing in using single-use authentication codes

For an operator to sign in to MyID using the MyID Operator Client with an authentication code:

For more information on setting up MyID for authentication code logon, see the Configuring authentication codes for the MyID authentication server section in the Administration Guide.

3.2.6 Signing in using Windows authentication

For an operator to sign in to MyID using their Windows credentials:

3.2.6.1 Configuring browsers for Windows authentication

By default, browsers do not pass your Windows authentication details to websites. You must configure your browser to allow it to send this information to the MyID website, or the browser will display a pop-up prompting for your Windows username and password.

You may want to configure the browsers for your organization using Group Policy.

To configure your browser for Windows authentication:

3.2.7 Signing in to MyID

To sign in to MyID:

  1. From the MyID Operator Client landing page, click Sign In.

    If more than one logon mechanism is configured for your system, you are prompted to select which one to use.

  2. To log on with security questions:

    1. Select the Security Questions logon mechanism.

    2. Type your Username:

    3. Click Next.

    4. Type the responses to your security questions:

      The number of security questions you must answer depends on the Number of security questions for self-service authentication configuration option. If you have more security phrases recorded than are required (for example, if you have four security phrases recorded, and you need two to log on) MyID prompts you for a random selection of questions.

    5. Click Sign In.

      The MyID Operator Client dashboard appears.

  3. To log on with a smart card or VSC:

    1. Select the Smart Card logon mechanism.

    2. The Select Security Device dialog appears, listing all of the smart cards (including Virtual Smart Cards) currently attached to your PC.

      If there is a Device Friendly Name specified in the credential profile that was used to issue the device, this is displayed next to the smart card.

      Note: You can set the Show Full Name at Logon and Show Photo at Logon options (on the Logon page of the Security Settings workflow) to configure this screen to display the associated user image and full name of the cardholder.

      Note: If you enable this feature, it is possible to obtain user photos and cardholder names without authentication.

    3. Select the smart card you want to use to log on.

      You can log in with a physical smart card inserted into a card reader on your PC, or with a virtual smart card (VSC) installed on your PC.

      You must now authenticate to your security device.

    4. Type your PIN, then click Login.

      The MyID Operator Client dashboard appears.

  4. To log in with an authentication code:

    1. Select the Authentication Code logon mechanism.

      The Authentication Code Login screen appears:

    2. Type your Username or email address.

    3. Select the option for obtaining your authentication code:

      • I already have a code – select this option if you have already been provided with an authentication code.

      • Send by email – select this option if you want to receive your code in an email message to the email address stored in your person record in MyID. This option is available only if the Self Requested Authentication Code Email email template is enabled.

      • Send by SMS – select this option if you want to receive your code in an SMS message to the cell phone number stored in your person record in MyID. This option is available only if the Self Requested Authentication Code SMS email template is enabled.

      If neither the email nor SMS options appear, you can still use an authentication code to log on if an operator requests one on your behalf.

      Note: The complexity of the code is determined by the Complexity option configured in the email template. See the Changing email messages section in the Administration Guide for details.

    4. Click Next.

      The authentication code entry screen appears:

    5. Type your Authentication Code, and click Sign In.

      The MyID Operator Client dashboard appears.

  5. To log in with your Windows credentials:

    1. Select the Windows Authentication logon mechanism.

      Note: This logon mechanism supports single-click login. If the only logon mechanism available is Windows authentication, when you click Sign In on the landing page, the MyID Operator Client completes the sign-in process without further interaction.

    2. MyID checks your Windows authentication.

      Note: If a popup appears asking for your Windows username and password, you may not have configured your browser correctly. See section 3.2.6.1, Configuring browsers for Windows authentication.

      The MyID Operator Client dashboard appears.

3.2.8 Managing your credentials from the MyID Authentication screen

To carry out self-service operations on your credentials (for example, changing your security phrases, or resetting your device PIN) before signing in to the MyID Operator Client, click the Manage My Credentials option on the MyID Authentication screen.

Note: The Allow Self-Service at Logon configuration option (on the Logon tab of the Security Settings workflow) must be set for this option to appear.

You must have the MyID Self-Service App installed, and the MyID Client Service app installed and running, to use this feature.

Depending on your browser settings, you may need to confirm that you want to allow the browser to open the Self-Service App; for example:

The MyID Self-Service App starts. For more information, see the Self-Service App guide.

3.2.9 Timeouts and re-authentication

When you authenticate to the MyID Operator Client, for example by using your smart card, or by typing your username and security questions, you are granted access for one hour (3600 seconds). However, if you continue working with the MyID Operator Client, this access can be extended every time you make a call to the server; for example, by opening a new screen, saving data, or running a report. You can extend your authentication period at any point up to two hours (7200 seconds) after last using the MyID Operator Client.

However, if you attempt to use the MyID Operator Client more than two hours after last using it, you must re-authenticate to be able to continue. The MyID Authentication dialog appears, and you must provide your authentication details; once you have done so, you can carry on working with the MyID Operator Client.

Important: You must authenticate with the same user and the same logon method. If you authenticate with a different user or logon method, the operation is canceled, and you are returned to the main screen.

For security reasons, extended authentication is available only for sessions in the same tab or window. If you open another tab or window, you must re-authenticate when the initial access period (one hour) expires; after that, you can continue to extend the authentication in that tab or window as before.

If you sign out, or close the browser window, you must re-authenticate when you want to continue using the MyID Operator Client.

There is a limit of 6 days (518400 seconds) beyond which you cannot continue to extend the authenticated session. If you reach this limit (for example, with an automated system), you must re-authenticate before you can continue working with the MyID Operator Client.
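The timing rules described in this section, modelled as an added example (this is not MyID code): `Session`, `server_call` and the other names are hypothetical, and the constants are the default values quoted above. It assumes that a successful re-authentication starts a fresh session and allows that tab or window to extend its access from then on.

```python
from dataclasses import dataclass

# Default values quoted in section 3.2.9, in seconds.
ACCESS_PERIOD = 3600      # initial access granted at authentication
EXTENSION_WINDOW = 7200   # idle time after last use within which access can be extended
ABSOLUTE_LIMIT = 518400   # 6 days; no extension beyond this without re-authentication


@dataclass
class Session:  # hypothetical model type, not part of MyID
    user: str
    method: str
    authenticated_at: int
    last_used: int
    can_extend: bool = True  # False for a tab or window that did not authenticate itself


def authenticate(user, method, now):
    return Session(user, method, now, now)


def open_new_tab(session):
    """A second tab shares the initial grant but cannot extend it."""
    return Session(session.user, session.method,
                   session.authenticated_at, session.last_used, can_extend=False)


def server_call(session, now):
    """Return 'ok' (and slide the idle window) or 'reauth'."""
    age = now - session.authenticated_at
    if age > ABSOLUTE_LIMIT:
        return "reauth"          # hard cap applies even to a busy session
    if session.can_extend:
        if now - session.last_used > EXTENSION_WINDOW:
            return "reauth"      # idle for more than the extension window
    elif age > ACCESS_PERIOD:
        return "reauth"          # other tab: only the initial access period
    session.last_used = now
    return "ok"


def reauthenticate(session, user, method, now):
    """Same user and same logon method required; otherwise the operation is canceled."""
    if (user, method) != (session.user, session.method):
        return False
    session.authenticated_at = session.last_used = now
    session.can_extend = True
    return True
```

Running candidate values for the three periods through a model like this before editing the settings file shows which of them actually bounds a continuously active session, such as an automated client.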

If you want to change the default access period, extension period, or limit, you can edit the application settings file for the web.oauth2 web service; see section 17.4.14, Configuring re-authentication timeout periods.

If you want to disable this feature, you can edit the MyID Operator Client settings file; see section 17.4.15, Enabling or disabling re-authentication.