ID Wallet Configurations

This tutorial describes the options available in the ID Wallet section when creating a workflow.

This section is visible only upon selecting the ID Wallet device profile under the General section. Select this option if you intend to issue mobile digital identities.

Hardware Backed Authentication

Select the Enforce Hardware Backed Authentication option to require users to authenticate with one of their device's secure lock screen credentials (Pattern, PIN, Password, Fingerprint or Face). Users then log in to the ID Wallet application with the device access security they have already set up.

Digital Identity Issuance Configuration

This section allows you to configure the type of mobile identity credentials to be issued. You can add additional identities and delete them as required. Furthermore, you can configure certificates and set notifications for expiring certificates issued on mobile devices.

  • Issue Mobile Identities: If you have already selected the option to add the Mobile Wallet to the workflow, the Issue Mobile Identities option is automatically selected.
  • Bind Expiration to the existing identities used for ID Proofing: Select this option to align the ID wallet expiry date with the expiry date of the identity proofing document submitted for verification.

Follow the steps below to configure the mobile identity credentials you wish to issue on the ID wallet app for the users associated with this workflow.

  • Create a friendly name for this identity: Provide a name for the new wallet identity being created.
  • Enable Issuance/Printing Visual ID: This section is visible only if you have selected a PIV ID to be issued. It allows you to configure the issuance of a visual ID on the ID Wallet app for the selected group(s).
    • Groups: The groups selected in the General section are auto-populated.
    • Select Visual Design: Select the visual design to be issued as a visual ID on the mobile device for the selected group(s). As mentioned above, if you have multiple groups and multiple visual designs, you can issue a different visual ID for each group or the same one for all of them.

There are four credentials that you can issue for each identity.

  1. Push Verify: Select this option if you want the ID wallet app to support push-based user authentication to multiple integrated applications.
  2. Soft OTP: Select this option if you wish to implement an OTP-based login for various integrated applications. This facilitates multi-factor authentication and is also used for offline login purposes.
  3. FIDO2: Select this option to enable custom WebAuthn passwordless authentication to applications.
  4. Certificates: This enables the Push Verify with PKI option for authentication. Select Configure Certificates to issue with Mobile Wallet to set up the authentication certificate used for smart card login with PKI credentials. Presently, only the authentication certificate is permitted for mobile identities, so the Escrow and Disable Revocation options that apply to the key management certificate are not applicable. Configure the following for each certificate.
    1. Certificate Type: Select the PIV Authentication certificate.
    2. CA Server: Select the Certificate Authority that would issue the certificate.
    3. Certificate Profile: Select the certificate profile created in the Certification Authority.
    4. Algorithm: Select the algorithm type, e.g., ECDSA, RSA, etc.
    5. Key Size: Select the key size based on the selected algorithm, e.g., 256, 2048, etc.
    6. Subject DN: Select the list icon under the Subject Distinguished Name (Subject DN) column and define the DN pattern for each certificate, e.g., ou,cn,o. Select the tick icon to save it or the cross icon to cancel.
    7. Actions: Select the Plus icon to add a row to configure another certificate type and set the values as explained above. You can add a maximum of four certificate types.

Additional Configurations

  • Sign data written to the mobile containers with the issuer signing certificate: Select this option to sign the data written to mobile containers with the issuer signing certificate for additional security. This requires the Content Signing Certificate to be uploaded.
  • Notify users of any certificates expiring in: Select a value to specify when to start sending notifications to the user about expiring certificates. For instance, if the value is set to 5, notifications are sent to the user starting 5 days before the certificates issued on the mobile device expire.
  • Email Notification Frequency: Select a value to set how often these notifications are sent.
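The constraints stated for the certificate rows above (only the PIV Authentication certificate type, a key size that matches the algorithm, at most four rows, and a Subject DN built in the order given by a pattern such as ou,cn,o) together with the expiry-notification window and frequency from Additional Configurations, as an added Python example that is not part of the product or this documentation; the allowed algorithm/key-size pairs, the CertRow fields and the user attribute names are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

ALLOWED_KEY_SIZES = {"ECDSA": {256, 384}, "RSA": {2048, 3072, 4096}}  # assumed pairs
MAX_CERT_ROWS = 4                        # at most four certificate types per identity
PERMITTED_TYPE = "PIV Authentication"    # only the authentication certificate is permitted

@dataclass
class CertRow:                           # one row of the certificate table (assumed shape)
    cert_type: str
    ca_server: str
    profile: str
    algorithm: str
    key_size: int
    subject_dn_pattern: str              # attribute order, e.g. "ou,cn,o"

def validate_rows(rows):
    """Return the list of configuration problems; an empty list means the rows are acceptable."""
    problems = []
    if len(rows) > MAX_CERT_ROWS:
        problems.append(f"{len(rows)} rows configured; maximum is {MAX_CERT_ROWS}")
    for i, r in enumerate(rows, 1):
        if r.cert_type != PERMITTED_TYPE:
            problems.append(f"row {i}: certificate type must be {PERMITTED_TYPE}")
        sizes = ALLOWED_KEY_SIZES.get(r.algorithm)
        if sizes is None:
            problems.append(f"row {i}: unknown algorithm {r.algorithm!r}")
        elif r.key_size not in sizes:
            problems.append(f"row {i}: key size {r.key_size} is not valid for {r.algorithm}")
        if not r.subject_dn_pattern.strip():
            problems.append(f"row {i}: Subject DN pattern is empty")
    return problems

def _escape_rdn_value(value):
    """Escape the characters RFC 4514 treats specially inside an attribute value."""
    return "".join("\\" + c if c in ',+"\\<>;' else c for c in value)

def render_subject_dn(pattern, attributes):
    """Build the Subject DN in the attribute order the pattern gives (e.g. "ou,cn,o")."""
    parts = []
    for attr in (a.strip().lower() for a in pattern.split(",") if a.strip()):
        if attr not in attributes:
            raise KeyError(f"user record has no {attr!r} value required by the DN pattern")
        parts.append(f"{attr.upper()}={_escape_rdn_value(attributes[attr])}")
    return ",".join(parts)

def notification_dates(not_after_iso, days_before, frequency_days):
    """ISO dates on which reminders go out, from days_before the expiry up to the expiry day."""
    first = date.fromisoformat(not_after_iso) - timedelta(days=days_before)
    return [(first + timedelta(days=k)).isoformat() for k in range(0, days_before + 1, frequency_days)]
```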

Select Save to create a new workflow or Cancel to exit the process.