6.9 Including user security identifiers in certificates
A user security identifier (user SID) is a unique identifier for a person that is stored in your directory. When you import a person from a directory, or carry out a directory synchronization, MyID obtains the user SID from the directory and stores it in the person's record.
You can view or edit a person's SID on the Account tab for a person's record in the MyID Operator Client; see the Searching for a person and Editing directory information sections in the MyID Operator Client guide.
You can use the additional search criterion User SID Present on the People report in the MyID Operator Client to identify people who do not have this information present; see the People report section in the MyID Operator Client guide.
You can import the user SID through the MyID Core API (by providing the account:usersid value when adding or updating a person) or through the Lifecycle API (by providing the PivCardRequest/Agency/Applicant/Account/UserSID or CMSCardRequest/Group/User/Account/UserSID value) when adding or updating a person.
You can include the user SID in the attribute mappings for certificate templates for Microsoft
If you issue or import a certificate that contains the User SID certificate extension, MyID parses the contents of the extension from the certificate and writes the User SID into the certificate's record in the MyID database – the value is stored in the UserSID field of the Certificates table. If you issue or import a certificate that does not contain the User SID certificate extension, MyID sets the Certificates.UserSID field to an empty string.
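The extraction described above can be sketched as follows. This is an added example, not MyID's own code: it assumes the User SID certificate extension is Microsoft's SID extension (OID 1.3.6.1.4.1.311.25.2) and that the input is the DER content of that extension's value. The function names and the sample SID are constructed for illustration.

```python
# Added example: pull the SID string out of the extension's DER value.
# Assumption: layout is SEQUENCE { [0] otherName { OID, [0] { OCTET STRING } } }.
SID_OTHERNAME_OID = bytes.fromhex("2b060104018237190201")  # 1.3.6.1.4.1.311.25.2.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the single-byte-tag DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def extract_user_sid(ext_value):
    """Return the SID string, or "" when the data is absent or malformed."""
    try:
        tag, names, _ = read_tlv(ext_value, 0)
        if tag != 0x30:  # outer SEQUENCE
            return ""
        pos = 0
        while pos < len(names):
            tag, other, pos = read_tlv(names, pos)
            if tag != 0xA0:  # only [0] otherName entries are of interest
                continue
            t1, oid, p = read_tlv(other, 0)
            if t1 != 0x06 or oid != SID_OTHERNAME_OID:
                continue
            t2, wrapped, _ = read_tlv(other, p)   # [0] EXPLICIT wrapper
            t3, sid, _ = read_tlv(wrapped, 0)     # OCTET STRING holding the SID
            if t2 == 0xA0 and t3 == 0x04:
                text = sid.decode("ascii")
                return text if text.startswith("S-1-") else ""
    except (ValueError, UnicodeDecodeError):
        pass
    return ""

def der(tag, value):
    return bytes([tag, len(value)]) + value  # short-form lengths only (< 128)

SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed value
SAMPLE_EXT = der(0x30, der(0xA0, der(0x06, SID_OTHERNAME_OID)
                           + der(0xA0, der(0x04, SAMPLE_SID.encode()))))
```

Returning an empty string for missing or malformed data mirrors the empty Certificates.UserSID value described above.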
The user SID is also stored for additional identities; see section 25.1.3, User SIDs in additional identities. You can view the user SID for the additional identity using the Additional Identities (AID) report in the MyID Operator Client; see the Additional Identities (AID) report section in the MyID Operator Client guide.
In the credential profile, you can specify the user SID as a required attribute for a user to be issued a device, so that you cannot issue a credential to a person who does not have a user SID as part of their user record; see section 11.3.1.11, Requisite User Data for details.
Note: You cannot import user SIDs if there is no association with the directory
6.9.1 Using the Certificate Table User SID Utility
The Certificate Table User SID Utility allows you to extract the User SID from existing certificates and update the certificate's record in the MyID database.
From MyID 12.10, MyID extracts and stores the User SID extension data from all certificates you issue or import, but this utility allows you to extract the User SID extension data (if available) from previously-issued certificates.
By default, the utility is located in the following folder on the MyID application server:
C:\Program Files\Intercede\MyID\Utilities\
Run the CertificateTableUserSIDUtility.exe utility on the MyID application server as the MyID COM user in a folder to which the user has write permissions.
The utility produces an output file UpdatedRecords.txt which lists the ID, CertSerialNo and UserSID field values from all records updated.
Note: If you re-run the utility, it does not process any certificates that have already had their User SID extracted by the utility, or that had their User SID extracted on issuance or import. This also means that the utility starts where it left off if you run it again after canceling it while it is processing.