17.4 Documentation updates in MyID 12.0.0
This section contains information on new and updated documentation in MyID 12.0.0.
17.4.1 Administration Guide
The Administration Guide has been updated with the following:
- Added information on the new feature that allows you to configure a credential profile to use server-generated PINs when resetting a card's PIN.
  See the Credential profile setup for PIN generation and PIN Settings sections.
- Added information on the updated Requisite User Data feature, including the new Show Disqualified Credential Profiles configuration option.
  See the Requisite User Data and Issuance Processes page (Operation Settings) sections.
- Added clarifications regarding the credential expiry date functionality.
  See the Set expiry date at request and Expire Cards at End of Day options in the Issuance Processes page (Operation Settings) section.
- Updated the configuration options on the Video page of the Operation Settings workflow to cover the use of these options for image capture in the MyID Operator Client.
  See the Video page (Operation Settings) section.
- Clarified the behavior of the Case sensitive security questions configuration option in relation to logon codes.
  See the Setting up logon codes and PINs page (Security Settings) sections.
- Updated the information on using security phrases to log on to incorporate details of using the MyID Operator Client, and added clarifications surrounding the configuration options used to set up security phrase logon.
  See the Logon using security phrases and Logon page (Security Settings) sections.
17.4.2 Configuring Logging
The Configuring Logging document has been updated with the following:
- Changes for using 64-bit server components, including file paths and registry settings.
  Note that the client components have not changed, and still use 32-bit file paths and registry settings.
17.4.3 Derived Credentials Notifications Listener API
The Derived Credentials Notifications Listener API guide has been updated with the following:
- Updated the details of the CessationOfTrustOfCertificate method section to contain the correct information.
  See the CessationOfTrustOfCertificate section.
- Updated the details of the CessationOfTrust and CessationOfTrustOfCertificate methods to include the limitation that where an applicant has multiple derived credentials on the same device, only the first derived credential is canceled.
  See the CessationOfTrust and CessationOfTrustOfCertificate sections.
17.4.4 Entrust CA Integration Guide
The Entrust CA Integration Guide has been updated with the following:
- Added troubleshooting information about CA error -2187.
  See the Troubleshooting error messages section.
- Added clarification on the behavior of CA-controlled encryption certificate issuance when the certificate already exists but is approaching expiry.
  See the Effect on escrowed encryption certificates of allowing the CA to control lifetimes section.
17.4.5 Entrust nShield HSM Integration Guide
The Entrust nShield HSM Integration Guide has been updated with the following:
- Updated information on disabling the Security Assurance Mechanism.
  See the Security Assurance Mechanism section.
- Minor updates on the recommended support software version.
  See the Hardware and software requirements section.
- Changes for 64-bit operation throughout the document.
17.4.6 Error Code Reference
The Error Code Reference document has been updated with the following new error codes:
- 85080 – Open Platform Keys are not defined for this device.
- 3102130 – Provided image path does not exist or is inaccessible.
- 3102131 – Failed to load image. This is usually because it is in an unsupported format.
- OA10003 – You do not have sufficient security questions configured.
- OA10004 – Your username or security response is incorrect, please try again.
- OA10005 – The registration link is invalid.
- OA10006 – Logoncode OTPs are disabled on the server.
- OA10007 – Your OTP has been entered incorrectly, is locked or you do not have permission to perform this operation. Please try again.
- OA10008 – Your session has timed out or is invalid, please try again.
- OA10009 – Error registering FIDO in browser.
- OA10010 – Error authenticating FIDO in browser.
- OA10011 – FIDO authentication failed, please try again. You may not have permission to access this client.
- OA10012 – FIDO registration failed, the FIDO token used to register was not trusted. Try a different FIDO token if you have one. <details>
- OA10013 – FIDO registration failed, user mismatch.
- OA10014 – FIDO registration failed, the credential profile is invalid.
- OA10015 – FIDO registration failed, this token is already registered.
- OA10016 – FIDO registration failed, the credential profile is set to Enforce Authenticator Attestation Check, but the token registered does not have metadata available on the server. Try registering a different token.
- OA10017 – FIDO registration failed, there was a problem accessing the FIDO Metadata Server.
- OA10018 – You do not have any FIDO tokens registered.
- OC10005 – The file you have uploaded is not an image. Please upload an image.
- OC10006 – MyID Client Service error.
- OC10007 – A problem has occurred when connecting to the camera.
- WS10002 – Unable to retrieve the values for the specified selection box.
- WS10003 – Unable to retrieve the requested session information.
- WS30021 – Biometric samples of the required type cannot be found for the user.
- WS30022 – must be a date in the future.
- WS30023 – must be a date in the past.
- WS50038 – The selected credential profile is not allowed because the person that requested the job was not allowed to request this credential profile.
- WS50039 – You cannot action your own adjudications.
- WS50041 – This action cannot be performed because the user has outstanding adjudications.
- WS50042 – The request task type is not supported by the credential profile.
- WS50043 – This credential profile can only be requested from Request Device
- WS50044 – This device requires secondary authorization to cancel it. Please use the MyID Desktop Cancel Credentials workflow.
- WS50045 – The device selected cannot be canceled. Please refer to product documentation for further guidance.
17.4.7 FIDO Authenticator Integration Guide
The FIDO Authenticator Integration Guide is new for this release.
See section 17.2.5, FIDO authenticators for details of this new feature.
17.4.8 Installation and Configuration Guide
The Installation and Configuration Guide has been updated with the following:
- Clarification on the procedure to set up the registry for the unlock credential provider.
  See the Customizing the unlock credential provider section.
- Updated the instructions for running GenMaster and the SetHSMPIN utility; you may be prompted for administration credentials.
  See the Using GenMaster and Setting the HSM PIN sections.
- Note on using the Windows Control Panel Programs and Features option to uninstall MyID, and not the Windows Apps & Features screen.
  See the Uninstalling MyID section.
- The list of supported client operating systems has been extended to include Windows 10 Version 20H2.
  See the Operating systems section.
- Updated the instructions for installing MyID to take account of the Scripts folder.
  See the Running the installation program and Uninstalling MyID sections.
- Added instructions for upgrading from older versions of MyID to 64-bit MyID 12.
  See the Upgrading MyID from a 32-bit application to 64-bit section.
- Added details of the versions of the .NET Core Desktop Runtime required on client PCs.
  See the Additional hardware and software requirements section.
- Added information about signed PowerShell scripts.
  See the Running the installation program section.
- Added information on requirements for the new Authentication user account.
  See the MyID Authentication account section.
- Updated the installation procedure to include the authentication database, the authentication user, and the new features available in the Server Roles and Features screen.
  See the Running the installation program section.
17.4.9 Lifecycle API
The Lifecycle API guide has been updated with the following:
- Added a note to the sections on importing answers to security phrases – do not include leading or trailing spaces.
- Added clarifications regarding the credential expiry date functionality; see the CardExpiryDate and MaxRequestExpiryDate sections.
- The CMSCardRequest/Group/User/CardUpdate/ParametersXML/UnlockPIN option is not supported.
Note: The Lifecycle API is now deprecated. For information about the status of this feature, see section 18.1.14, Lifecycle API support.
17.4.10 Microsoft Azure Integration Guide
The Microsoft Azure Integration Guide has been updated with the following:
- Information about requirements for the new authentication database.
  See the Prerequisites section.
17.4.11 Mobile Authentication
The Mobile Authentication guide has been updated with the following:
- Added information about configuring the verification service to use an alternative authentication method to 2-way TLS.
  See the Disabling 2-way TLS for the internal authentication service section.
- Added information about the local log on privilege requirements for the MyID web service user.
  See the Installing the verification service section.
- The MyID Authenticator app is now available for Android devices.
  See the MyID Authenticator section.
- Updated the installation process for the MyID Verification Service – now uses the main MyID installation program.
  See the Installing the verification service section.
- Updated the AD FS Adapter for MyID instructions. This is now called the AD FS Adapter Mobile, and shares an installation program with the AD FS Adapter OAuth.
  See the AD FS Adapter Mobile section.
17.4.12 Mobile Identity Management
The Mobile Identity Management guide has been updated with the following:
- Supported iOS and Android operating systems.
  See the Supported devices section.
- Added VMware Workspace ONE to the list of supported Mobile Device Management (MDM) systems.
  See the Supported Mobile Device Management integration section.
17.4.13 MyID Authentication Guide
The MyID Authentication Guide is new for this release.
See section 17.1.9, MyID authentication service for details of this new feature.
17.4.14 MyID Core API
The MyID Core API document is new for this release.
See section 17.1.11, MyID Core API for details of this new feature.
17.4.15 MyID Operator Client
The MyID Operator Client guide has been updated with the following:
- Added Request Device Renewal to the list of features controlled by the Request Replacement Card entry in Edit Roles.
  See the Roles and groups section.
- Added details of the new date fields.
  See the Entering dates and times section.
- Added information about capturing user images.
  See the Capturing images section.
- The list of recommended browsers has been updated.
  See the Supported browsers section.
- Clarifications regarding the credential expiry date functionality.
  See the Approving requests section.
- Added information on using security phrases to log on to the MyID Operator Client.
  See the Signing in using security phrases section.
- Added information on configuration changes that require the web server to be refreshed.
  See the Known issues section.
- Added information on canceling a device.
  See the Canceling a device section.
- Added information on removing a person.
  See the Removing a person section.
- Added Windows Hello to the list of device types you can request.
  See the Requesting a device for a person section.
- Added clarification on the use of the button bar.
  See the Using the button bar section.
17.4.16 Operator's Guide
The Operator's Guide has been updated with the following:
- Added information on using the new Identify Device (Administrator) workflow.
- Added information on the server-generated PINs option for the Reset Card PIN workflow.
  See the Resetting a card's PIN section.
- Clarifications regarding the credential expiry date functionality.
  See the Setting expiry dates for a card section.
- Added information on the legacy Change PIN workflow.
  See the Changing a card's PIN section.
- Added a note not to configure your system to upload images to the web server instead of the database if you are using the MyID Operator Client.
  See the Storing images on the web server section.
17.4.17 PrimeKey EJBCA Integration Guide
The PrimeKey EJBCA Integration Guide has been updated with the following:
- Clarifications regarding using an HSM-backed RA certificate.
  See the Configuring the MyID RA user and Configuring the CA within MyID sections.
17.4.18 Printer Integration Guide
The Printer Integration Guide has been updated with the following:
- Support for Zebra printers has been deprecated.
  See the Supported printers section.
- The Datacard section has been renamed Entrust Datacard, and the details of supported Datacard driver version and printer models have been updated.
  See the Supported printers and Entrust printers sections.
- The XID section has been updated with details of the supported printer software, and a note about the incompatibility of the standalone XID printer driver with the EDISecure Connect software.
  See the XID printers and Installing the printer software for XID printers sections.
17.4.19 Self-Service App
The Self-Service App guide has been updated with the following:
- Clarification on the procedure to hide which actions are available.
  See the Controlling which actions are available using the registry section.
17.4.20 Smart Card Integration Guide
The Smart Card Integration Guide has been updated with the following:
- Information about SafeNet eToken 5300 FIPS (Mini) and SafeNet eToken 5300 (Micro) USB tokens has been added.
  See the Thales authentication devices and SafeNet eToken 5300 tokens with Touch Sensor sections.
- Updated the interoperability information to state that you can use YubiKey tokens to store additional identities.
  See the Additional identities for YubiKey tokens section.
- Information about Egofy v3.0 with FIDO devices has been added.
  See the Egofy smart cards section.
17.4.21 Symantec MPKI Integration Guide
The Symantec (DigiCert) Managed PKI Integration Guide has been updated with the following:
- Updated example CA URL for MPKI 8.
  See the Configuring the CA in the Certificate Authorities workflow section.
17.4.22 System Interrogation Utility
The System Interrogation Utility guide has been updated with the following:
- Information about the requirement for port 5985 when running the SIU remotely has been added.
  See the Running the SIU section.
17.4.23 System Security Checklist
The System Security Checklist has been updated with the following:
- Clarification on the Show Full Name at Logon and Show Photo at Logon configuration options.
  See the Visibility of user data section.
17.4.24 Thales Luna HSM Integration Guide
The Thales Luna HSM Integration Guide has been updated with the following:
- Information about the Universal Client software and Thales Data Protection on Demand (DPoD).
  See the Supported Thales Luna HSM models section.
- Changes for 64-bit operation throughout the document.
17.4.25 Web Service Architecture
The Web Service Architecture guide has been updated with the following:
- Information on configuring the web services to handle reverse proxies.
  See the Reverse proxies and load balancing section.
17.4.26 Windows Hello for Business
The Windows Hello for Business Integration Guide has been updated with the following:
- You can now use the MyID Operator Client to request or cancel a Windows Hello credential.
  See the Requesting a Windows Hello credential and Canceling a Windows Hello credential sections.
17.4.27 Updates for 64-bit MyID
The documentation throughout has been updated for 64-bit operation. Primarily the changes are:
- The default installation location for MyID server has changed from:
  C:\Program Files (x86)\Intercede\
  to:
  C:\Program Files\Intercede\
- Registry locations on the MyID server no longer use the WoW6432Node.
- MyID now uses the Windows System32 folder instead of the Windows SysWOW64 folder.
Note: MyID clients continue to be supplied as 32-bit applications, so paths and registry settings relating to clients have not changed.
17.4.28 Supported operating systems and databases
The documentation throughout has been updated to remove support for the following:
- Windows 8.1
- Windows Server 2012 R2
- SQL Server 2012 SP4
See section 17.5.4, Windows 8.1 end of support, section 17.5.5, Windows Server 2012 R2 end of support, and section 17.5.3, SQL Server 2012 SP4 end of support for details of the end-of-support features.
17.4.29 Additional Windows installer requirements
The documentation throughout has been updated to remove the additional requirements for Windows installer versions. All versions of Windows supported by MyID have a suitable version of Windows installer included as standard.
17.4.30 Document conversions
The following documents are now available in HTML, allowing for full text search across the documentation set:
The Lifecycle API document is now the only document available solely in PDF format; for information about the status of this document see section 18.1.14, Lifecycle API support.