Create Workflow

This tutorial covers the prerequisites, the default workflow, and the sections available when you create a workflow.

Prerequisites

Before creating a workflow, you must:

  • add required groups.
  • add and configure required visual designs.
  • add and configure required device profiles.
  • integrate a certificate authority for certificate issuance.

Default Workflow

Organizations can establish a default workflow for specific groups, enabling a unified policy for all users within that group. This streamlines task management and execution while ensuring a consistent process. This feature is especially helpful when importing users from directories or IdPs, as all imported users can be assigned to a single workflow that applies the same set of policies to everyone.

To set a workflow as the default, select the Default Workflow checkbox under the General > Workflow Details section. Note that an organization can have only one default workflow at any point in time. If you need to set a different workflow as the default, you must first uncheck the current default option and then check the option for the workflow you wish to set as the new default.

Creating a workflow

Log in to the Unifyia platform. On the dashboard, navigate to Configuration > Workflows. On the List of Workflows page, select + Create Workflow. The Create Workflow page displays the four main sections: General, Data and Biometrics Enrollment, Smart Card/Security Key Credential Issuance, and ID Wallet. Enter the required data according to your organization's policies to complete the configuration of the workflow.

Overview of the Workflow Sections

This section offers a concise overview of the various segments in the workflow. Some segments appear depending on the chosen identity type and device profiles. This table is designed to help you understand all the segments and available configurations, making it easier for you to configure a workflow according to your identity issuance policies.

| Section | Possible Configurations | Descriptions |
|---|---|---|
| General | | In this segment you provide a name and description, specify the identity type to be issued, select required device profiles, select the groups for which this workflow is being created, and determine which roles have visibility of this workflow. You may also define whether this workflow is the default workflow for all the users. Note: For an organization, there can be only one default workflow. |
| | Device Validity and Expiration Policies | You can set the identity validity and specify the number of devices that can be issued to a single applicant. |
| Data and Biometrics Enrollment | | This segment allows you to configure what type of user data and biometrics are to be collected during enrollment. |
| | ID Proofing | Select this option if ID proofing is required and set the required ID proofing documents to be collected during enrollment. |
| | Enrollment | Select this option to capture user information. The form fields for capturing user data are automatically populated based on the selected identity type. However, you can remove fields and choose which ones are mandatory or optional. |
| | Face | Select this option if face capture is required, set the preferred crop size window to capture the face, and define whether you require image transparency. |
| | Iris | Select this option to capture the irises of the user. The default mode is dual. |
| | Fingerprint | Select this option to capture fingerprints and define whether you need to capture rolled or flat fingerprints, set the fingerprint threshold quality, and set the minimum number of fingerprints (2, 4, or 10) to be captured. |
| | Signature | Select this option to capture the user's signature. |
| | Approval | Select this option if adjudication is required and define which group(s) can review and approve enrollment. |
| Smart Card/Security Key Credential Issuance | | This segment allows you to configure various options to issue identities on a smart card or security key. Note: The chip personalization option is enabled only if at least one smart card or security key device profile is selected under the General section. |
| | Chip Personalization and Printing | Set issuance options and define which groups can issue the selected identity devices. |
| | Visual Designs | This section is visible only if the identity type is a smart card and you have selected to print an ID. The Groups and the Visual Design fields are auto-populated with the group(s) and the identity type selected under the General section. |
| | Certificates | In this section, configure the various certificates to be issued on smart cards and security keys. |
| | Additional Configurations | You can choose to save the issuance status of the credential to a selected directory, read the UPN value from the user's parent directory and map it to the UPN attribute of the authentication certificate, set the Microsoft recommended reverse certificate mapping, and define whether you need content signing and notifications for expiring certificates. |
| | Primary Credential Verification Configuration | This section is visible only if the identity type is DPIV. It allows you to configure whether the system can read and authenticate the primary credential and verify it to issue a Derived PIV credential, and to whom the policy should be applied. |
| | Derived Credential Lifecycle | This section is visible only if the identity type is Derived PIV and allows you to manage the derived PIV status in line with the primary credential status in the source directory. |
| | Activation | Select this option if activation of the issued identity device is mandatory and set the verification policy. Currently, only activation with PIN is supported. |
| ID Wallet Configurations | | This segment allows you to configure options to issue mobile digital identities. This section is visible only if you have selected the ID Wallet device profile under the General section. |
| | Hardware-Backed Authentication | Selecting this option allows users to use the device's secure lock screen credentials (Pattern/PIN/Password/Fingerprint/Face) to authenticate to the ID Wallet app. |
| | Digital Identity Issuance Configuration | This section allows you to configure the issuance of mobile credentials. |
| | Enable Issuance/Printing Visual ID | This section is visible only if you have selected the identity type as PIV. It allows you to configure the issuance of the visual ID on the ID Wallet app. |
| | Additional Configurations | This section allows you to define whether you need content signing and notifications for expiring certificates. |