4.2 Linked credentials
When you use enterprise attestation, MyID CMS may be able to extract a serial number from the authenticator that uniquely identifies that physical device. This depends on the capabilities of the device and how it was manufactured.
This serial number may also be the same as the serial number obtained during PIV credential issuance, again depending on the manufacturer.
If this serial number is available, MyID CMS can use it to identify all issued credentials that are issued to the same physical device; for example, you may have multiple passkeys on the same device, or a PIV credential and a passkey.
When MyID CMS records the serial number for a passkey, it uses the base device serial number and appends a number based on the number of credentials issued to the device.
To view linked credentials:
-
Search for a device, and view its details.
You can search for all credentials that share the same physical device by using the physical device's Serial Number with a wildcard; for example:
12345678*
returns all credentials issued to the physical device with serial number 12345678.
Alternatively, insert the device into a reader.
You can also view a device from any form that contains a link to the device.
For example:
- Click the item in the list on the Devices tab of the View Person form.
- Click the link icon
on the Device Serial Number field of the View Request form.
-
Click the Linked Credentials tab.
This tab lists all of the credentials on the same device that MyID CMS can correlate using their serial number.
You can click on a device in the list to open its View Device page.