Granting access to the workflows

3.3 Granting access to the workflows

The system makes use of the following workflows:

Cancel Credential – used within MyID to cancel a mobile ID and revoke its certificates.
Enable / Disable ID – used within MyID to enable or disable a mobile ID, and suspend or enable its certificates.
Request ID – used within MyID for operator-guided requests for mobile IDs to be installed on a mobile device.
Request My ID – used within MyID for self-service requests for mobile IDs to be installed on a mobile device.
Request Replacement ID – used within MyID to request a replacement for a missing or damaged mobile ID.
Unlock Credential – used within MyID to retrieve an unlock code for an issued mobile ID.
Collect My Updates – used by the Identity Agent app to obtain a mobile ID.
Issue Device – used by the Identity Agent app to obtain a mobile ID.

Note: The Collect My Updates and Issue Device workflows are not used within MyID; they are used to control access from a mobile device to the features of the web service. You must make sure that these workflows are available to the recipient through a role that is set to allow Password as a Logon Mechanism; for example, you can use the PasswordUser role.

Use the Edit Roles workflow to grant access for these workflows to the roles you want to be able to access them.

3.3.1 Roles

You must add the Collect My Updates workflow to the Server Credentials role if the user does not already have access to this workflow through one of their other roles.

Note: You can use the Server Credentials role to control access to the collection service; allocate this role to the users who you want to be able to collect mobile IDs.

Alternatively, you can add the Collect My Updates workflows to an existing role to allow users in that role to collect mobile IDs.

3.3.2 Scope

When a mobile device user, for example a guard, requests the details for another mobile device user, the guard must have the correct scope within MyID to view the details of the other user; for example, the user must be in the same group as the guard if the guard has Department scope.