5.28 Viewing the initial PIN for a device
If you have configured your credential profile to generate an initial PIN for the device using the EdeficePinGenerator or EdeficePolicyPinGenerator algorithm, MyID can use the same secure method to regenerate the PIN that was used when the device was issued, and display it on the View Device screen.
As this is sensitive information, the field that displays the initial PIN on the View Device screen is protected by a special role named View Device Initial PIN. Only operators who have this role can see the field that contains the initial PIN.
See the PIN generation section of the Administration Guide for details of configuring your system to generate initial PINs on the MyID server.
5.28.1 Configuring the View Device Initial PIN role
When installing or upgrading MyID, the View Device Initial PIN role is added to your system, unless it exists already. The role is defined with no access to any operations; it acts as an additional permission that allows you to view the field that contains the initial PIN for a device only if you already have access to the View Device screen.
In addition, the role is configured with Smart Card as its only logon method; this means that if you log on to the MyID Operator Client using any other logon mechanism (for example, passwords) you cannot see the initial PIN field on the View Device screen. If you want to be able to view the initial PINs when logging in to MyID using any other method, you must configure the logon methods for the View Device Initial PIN role; see the Assigning logon mechanisms section of the Administration Guide for details.
If you delete the View Device Initial PIN role from your system, you can no longer view the initial PINs on the View Device screen. If you subsequently want to re-enable this feature, you can create a new role with the same name.
It is recommended that you restrict access to this role by allowing only specified roles to assign it to other operators. To do this, you can set the Managed By option for the role; see the Controlling the assigning of roles section of the Administration Guide for details.
5.28.2 Viewing the initial PIN on the View Device screen
If the following conditions are met:
- Your user account has the View Device Initial PIN role assigned.
- You have the required permissions to access the View Device screen.
- You have logged on to the MyID Operator Client using a logon mechanism allowed by the View Device Initial PIN role.

then the Transport PIN field is displayed on the Details tab of the View Device screen.
If the device was issued with a server-generated PIN using the EdeficePinGenerator or EdeficePolicyPinGenerator algorithm, the PIN is displayed in this field; otherwise, the field is left blank.