2.4 Prerequisites

2.4.1 SMS gateway

You can configure the system to use any SMS gateway. To set up the system to communicate with your SMS gateway and allow MyID to send text messages to the users' mobile devices, you must have some knowledge of ASP and JavaScript.

See section 3.4.3, Configuring the SMS gateway for MyID Desktop, for details.

Alternatively, you can use email for notifications.

2.4.2 Communication with the MyID mobile web services

To allow your mobile device to obtain and work with mobile IDs, your device must be able to communicate with the URLs of the MyID mobile web services; for example:

https://myserver/MyIDProcessDriver/

https://myserver/MyIDDataSource/

Where myserver is the name of the server on which the MyID web services are installed.

Note: If you attempt to browse to these URLs from the mobile device, you will see an error due to the security set up on the web service folders; this does not mean that the connection has failed.

Your PC-based MyID clients must also be able to communicate with these web services. For example, QR codes are generated on the web services server by the MyIDDataSource web service, and embedded in the workflow.

2.4.3 SSL certificate

Before you start provisioning mobile devices, you must issue an SSL certificate from a trusted root CA.

Issuance will fail if the mobile device does not trust the SSL certificate used on the MyID web server. Intercede recommends either that the SSL certificate is issued by a trusted public root CA, or that the root CA for the issuing CA is added to the devices' Trusted Root stores.
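
The following check is an added example, not part of the MyID product or its documentation. Run from a PC-based client, it requests the two web service URLs from section 2.4.2 and separates an HTTP error response (the connection worked, as the Note in 2.4.2 describes) from a certificate validation failure (the condition in 2.4.3 that makes issuance fail). The function names, verdict strings and the optional cafile parameter are assumptions of this example, and it uses the trust store of the machine it runs on, not that of a mobile device.

```python
import ssl
import sys
import urllib.error
import urllib.request

# Web service paths listed in section 2.4.2; the server name is supplied by the caller.
SERVICE_PATHS = ("/MyIDProcessDriver/", "/MyIDDataSource/")


def classify(exc):
    """Turn the outcome of one request (None means HTTP success) into a verdict."""
    if exc is None or isinstance(exc, urllib.error.HTTPError):
        # An HTTP error status is still an answer from the server over a
        # validated TLS session, so the connection itself has not failed.
        return "reachable"
    reason = getattr(exc, "reason", exc)  # URLError wraps the underlying error
    if isinstance(reason, ssl.SSLCertVerificationError):
        # Certificate failed validation: untrusted root, name mismatch or expiry.
        return "untrusted-certificate"
    if isinstance(reason, ssl.SSLError):
        return "tls-failure"  # handshake failed for another reason
    return "unreachable"  # DNS, routing, firewall, timeout


def check(host, cafile=None, timeout=5):
    """Request each service URL on host and return {url: verdict}.

    cafile (assumption of this example): PEM file holding a private root CA.
    When given, only that root is trusted; otherwise the local system store is used.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    results = {}
    for path in SERVICE_PATHS:
        url = f"https://{host}{path}"
        try:
            urllib.request.urlopen(url, timeout=timeout, context=ctx).close()
            results[url] = classify(None)
        except OSError as exc:  # URLError, HTTPError, SSL errors and timeouts
            results[url] = classify(exc)
    return results


if __name__ == "__main__":
    # Usage: python check_myid_services.py myserver [root-ca.pem]
    outcome = check(sys.argv[1], *sys.argv[2:3])
    for url, verdict in outcome.items():
        print(f"{verdict:22} {url}")
    sys.exit(0 if set(outcome.values()) == {"reachable"} else 1)
```

A verdict of untrusted-certificate when using the system store, but reachable when the private root is passed as cafile, indicates that the root still has to be added to the clients' Trusted Root stores.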

2.4.4 IIS and web service users

The MyID IIS and MyID web service users must be members of the IIS_IUSRS Windows group; this is necessary for .NET 4 to operate correctly.

2.4.5 Logon mechanisms for mobile identities

The server update installation program turns on the Password Logon logon mechanism, which is essential for the correct operation of mobile identities. You must review your settings for logon mechanisms for the end user roles – you can switch off password logon for individual roles by using the Assign Logon Mechanisms feature in the Edit Roles workflow.

2.4.6 REST API for provisioning mobile credentials

MyID provides a REST API for provisioning mobile credentials (rest.provision). This API is currently used only for Mobile Identity Management integration projects where a mobile application written by third-party vendors is using the Identity Agent Framework version 3.2 and above for iOS or Android. Where other mobile apps are used, for example apps built with earlier versions of the Identity Agent Framework, the existing APIs remain in place and continue to operate as before.

If you are using the Identity Agent Framework, make sure you select the Provisioning API (rest.provision) option on the Server Roles and Features screen in the MyID Installation Assistant.