1 Introduction

The Derived Credentials Self-Service Request Portal (SSRP) allows you to request a MyID^® derived credential for your smart card, USB token, smartphone, FIDO authenticator, or Windows PC (Microsoft VSC or Windows Hello for Business); this derived credential is based on credentials you already have from another identity provider.

The Self-Service Request Portal supports the following types of identity provider:

• Client certificate from a PIV card – you log in with your PIV card, and SSRP generates derived credentials based on the client certificate stored on the card. This is the default. If this is the only authentication type that you want, you do not need to configure external identity providers.

• OpenID Connect – you authenticate to an external identity provider, and SSRP generates derived credentials based on the claims returned by the external system.

You can configure SSRP for multiple OpenID Connect providers; SSRP provides a choice of providers to the user when they access the SSRP website. You can also configure SSRP for one or more OpenID Connect providers in addition to the PIV card provider.

The SSRP is a website that does not require any additional software to be installed on the client PC. It works with the following browsers on Microsoft Windows PCs:

• Microsoft Edge
• Google Chrome

If you would like to use the SSRP with a different web browser, contact customer support quoting reference SUP-321.

You can request derived credentials from existing credentials that were issued by the current MyID system, or from credentials that were issued by external systems.