6.4 Setting up a credential profile for VSCs

Before you can issue a VSC, you must set up an appropriate credential profile within MyID.

Note: You cannot use the Validate cancellation option on VSC credential profiles.

Do not specify a data model for a Microsoft VSC; VSCs do not contain the required data structures.

Important: The Microsoft Virtual Smart Card option in the credential profile appears only when you have set the Microsoft virtual smart cards supported within MyID configuration option. See section 6.2, Setting the MyID configuration options for VSC issuance for details.

See the Managing credential profiles section in the Administration Guide for general instructions. Specific information for VSCs is given below:

  1. In Card Encoding, select Microsoft Virtual Smart Card.

    When you select Microsoft Virtual Smart Card, you cannot select any other encoding type, other than Derived Credential. See the Creating a VSC credential profile section in the Derived Credentials Configuration Guide or the Creating a VSC credential profile section in the Derived Credentials Self-Service Request Portal guide for more information on using VSC derived credentials.

  2. In PIN Settings, set the Maximum PIN Length and Minimum PIN Length options.

    The card properties file for Microsoft VSCs in MyID has a maximum PIN length of 24, and a minimum PIN length of 8. You can specify PIN lengths in the credential profile within these values; if you specify a lower minimum, 8 is used, and if you specify a higher maximum, 24 is used.

    If you need to issue VSCs with PINs longer than 24, contact customer support, quoting reference SUP-313.

  3. In PIN Characters, select the options for the PIN used for VSCs.

    Card Profile PIN Characters

    You can determine whether uppercase letters, lowercase letters, numbers or symbols may be included (Optional), must be included (Mandatory) or cannot be included (Not Allowed).

  4. In Device Profiles, set the Card Format to None.

    VSCs do not support containers for biometrics and so on.

  5. Click Next.

  6. Select the certificates you want to use.

    Do not specify any containers for the certificates.

    Note: If you want to use a certificate for Integrated Windows Logon, make sure it has 2048-bit keys.

  7. Click Next.
  8. Select the roles you want to be able to issue the VSCs and the roles for which you want to request them. Click Next.
  9. Card layouts are not relevant for VSCs. Select card layouts only if you are going to be use the same credential profile for VSCs and for printed cards. Click Next.
  10. Add your comments in the box provided, then click Next to create the credential profile.