Operator Guide

The Unifyia platform for operators is a unified platform for sponsoring, enrolling, adjudicating, issuing, and managing identities for users and partners. It allows operators to issue identities on devices such as smart cards, NFC cards, security keys, and mobiles.

Access to the Unifyia platform is role-based, as per the specifications outlined in FIPS 201-3. Access to different modules on the platform is based on the access privileges assigned to each operator. Each role may be assigned exclusively based on the activities to be performed on the platform.

This guide treats the actions performed by Sponsors, Registrars, Identity Issuers, Security Officers, and Helpdesk Operators as operator functions. Hence, this guide acts as a single point of reference for all operators to understand the various functions that they can perform. Organizations may use their discretion in assigning privileges based on their defined organization policies. Learn more about roles and permissions.

Intended Audience

This guide is intended for the operators who manage user onboarding, enrollment, adjudication, identity issuance, and identity management.

Throughout this document, "you" refers to an operator.

Unifyia Platform Capabilities

The Unifyia platform allows you as operators to perform the following functions:

  • Onboard users
  • Enroll user data and biometrics
  • Manage approval
  • Issue multiple types of identity devices to users
  • Manage issued identities
  • View and import directory users and issue identities
  • Use the identity reader option to view PIV device information
  • Reset an identity device to factory settings
  • Delete Users

Once you search for a user, you will find a list of icons under the actions column based on the user status. Select the icons based on the action to perform.

Based on the permissions granted to you on the Unifyia platform, you may have access to the following modules:

  • Dashboard
  • Management
    • Users
    • Master Directory View
    • ID Reader Tool
    • Factory Reset

The Management module helps operators to manage all the activities related to the users such as onboarding, enrollment, approval, issuance, lifecycle management of the issued identities and deleting users.

Supported Browsers to Access the Unifyia platform

  • Windows
    • Google Chrome
    • Microsoft Edge

Before You Begin

  • Ensure that you're registered with the necessary privileges as an authorized operator within your organization.
  • You must have at least one active identity device to access the Unifyia platform.
  • To complete enrollment, you may require a document scanner, camera, fingerprint scanner, iris scanner, and signature pad based on the user information being captured.
  • Install the Unifyia Operator Client on your system to access the connected devices.
  • Ensure that relevant devices such as PIV cards or security keys are available if you are issuing physical identities.
  • Should you encounter any difficulties, please reach out to the administrator for assistance.

Login

Log in to the Unifyia platform with the PIV ID issued to you or any other passwordless authentication method approved by your organization. For smart card-based login, follow the steps below:

  1. Launch the Unifyia platform.
  2. On the sign-in page, select Use Smart Card.
  3. Connect a smart card reader and insert the issued PIV ID.
  4. Select the certificate with which you would like to sign in.
  5. Enter PIN.
  6. You are successfully logged into the platform.

Dashboard

The panels displayed on the dashboard are privilege-based. Generally, for an operator, the following panels are visible.

  • Pending Enrollment
  • Pending Issuance
  • Pending Requests
  • User Statistics
  • Identity Devices

You can retrieve a list of users for a specific period by choosing a start date and end date on each dashboard panel.

Pending Enrollment

The pending enrollment panel displays the details of all the users who have been onboarded but are yet to be enrolled or are in the process of enrolling. Each listed user has an icon for every available action. Select the icon corresponding to the action you want to perform:

  1. Begin Enrollment: Select Begin Enrollment to start enrolling a user.
  2. Edit Onboarded Information: Select Edit Onboarded Information to edit the data collected during onboarding. Once you complete editing the data, ensure that you update the data.
  3. Delete User: Select Delete User to delete a user.

Pending Issuance

The pending issuance panel displays the details of all the users who have been enrolled but have not yet been issued a device. The following actions can be performed for each listed user using this dashboard.

  1. Issue Identity: Select Issue Identity to start the process of identity issuance.
  2. Enrollment Details: Select Enrollment Details to view or edit the enrollment data. Once you complete editing the data, ensure that you update the data.
  3. Delete User: Select Delete User to delete a user.

Pending Requests

The pending requests panel displays the details of all the users whose enrollment needs to be reviewed and approved to proceed with the issuance. The following actions can be performed for each listed user using this dashboard.

  1. Approve/Reject Enrollment: For each user listed under this panel, you can approve/reject enrollment.
  2. Enrollment Details: Select the Enrollment Details icon to display the details of the enrolled users. You can edit or delete the enrolled user details. You can also view the User Enrollment History.
  3. Delete User: Select the Bin icon to delete users.

User Statistics

The user statistics panel displays the list of user roles and their status statistics.

Identity Devices

The identity devices panel displays the list of all the types of identity devices issued and their status statistics.

Onboard Users

Prerequisites

  1. A group must be created for the users to be assigned.
  2. A workflow for this group must be configured to define the issuance policy.

The Onboard Users feature allows you to sponsor a user by adding basic information about the user. While sponsoring, the user is also assigned one or more groups (to define what identities are to be issued, based on the workflow configured for the group) and a role (to define what privileges are allowed). Additionally, if organization policy permits, the user may also have access to the self-service portal to add and manage issued identities.

To sponsor a user, navigate to Management > Users. On the displayed page, select + Onboard User. The Onboard User page appears. Provide the following data:

  1. First Name (e.g., Simone)
  2. Last Name (e.g., Clark)
  3. Username: Unique name to identify the user (e.g., simoneclark)
  4. Email: Should be unique
  5. Assign to Group: Select the group from the drop-down list to which the user needs to be assigned.
  6. Assign to Role: Select the role(s) to assign to the users. Depending on your organization's policy, you can assign multiple roles to each user. The ability to assign multiple roles is determined by the privileges granted to the sponsoring operator. For example:
    • If you want to onboard the user with the role of User, select only the User role.
    • If you want to onboard a user with dual permissions of a sponsor and user, select both the roles - User and Sponsor. For more information on roles, refer to appendix Roles.
  7. Slide the Allow Self-Service button to the right to grant the user access to the platform.
  8. Select Save to onboard the user or Cancel to exit the process.
  9. The user is sent a welcome email. Additionally, if enabled, the user will also receive an enrollment invite email to continue with the enrollment process.

This completes the onboarding of a user. However, if as an operator you are permitted to continue with the enrollment, you are directed to proceed with the enrollment of the user. You could choose to continue by selecting Yes or cancel by selecting No.

Edit Onboarded Information

If you want to edit the onboarded user information, go to the main menu Management > Users. Search the user either by name or email. Under the Actions column, select the Edit Onboarded Information icon and edit the details as required. Once completed, select Save to update the details of the user.

NOTE
You cannot edit the user information once the enrollment of the user starts.

Import Users from Directory

The Unifyia platform enables you to view the mapped attributes of a selected user and import the user from a chosen directory. Depending on organizational policies, identities can be assigned to users. Additionally, the platform supports the lifecycle management for these issued identities. Before importing users, the following prerequisites must be managed by your administrator.

Prerequisites:
  • The directory from where you are trying to import the users must be integrated.
  • Groups must be created for the users being imported and group mappers must be configured for the directory. If not, all the users will be assigned to the default workflow which has preconfigured groups. Note that for an organization, there can be only a single default workflow.
  • LDAP/AD Mappers must be configured to map the user attributes to the directory attributes.

Steps to Import a User

  1. Go to Management > Master Directory View.
  2. On the displayed page select a Directory from the drop down.
  3. Provide either first name, given name, last name, email, or username to search for a user. Press Enter.
  4. The list of users matching the given search criteria is displayed.
  5. Select the user that you wish to import and select the View Details icon under the Actions column to view the details of the user.
  6. The details of the users are displayed.
  7. Select Import to import the user.
  8. A message confirms that the user has been successfully imported.
  9. You can now issue credentials according to the configured organization policies.

NOTE
If you import a user, issue credentials, and then re-import the same user from the directory, only the user details are updated. The details of the issued devices remain unchanged.

Issue Identities to the Imported Users

Before issuing identities to users imported from directories, ensure that the following prerequisites have been configured by your organization's administrator:

  • Device profiles must be added for the types of identity devices that the organization plans to issue to the imported users.
  • Relevant visual designs must be created based on the identity types to be issued.
  • Groups must be created for the users being imported and group mappers must be configured for the directory. If not, all the users will be assigned to the default workflow which has preconfigured groups. Note that for an organization, there can be only a single default workflow.
  • Workflows must be created for the groups if the imported directory users need to be assigned to a specific group(s).
  • Approval for issuance of identity devices is not required for the imported directory users.

The issuance process is similar to that of the users enrolled via the platform.

Enroll Users

You can manage an in-person, supervised enrollment of the user using the enrollment feature. This section outlines the various steps required to capture both user biometric and biodata information. The enrollment steps may vary depending on the configured workflow for the group to which the user is assigned.

Navigate to Management > Users. Search the user either by name or email. Under the Actions column, select the Begin Enrollment icon. The enrollment wizard is displayed. It presents a series of steps that must be completed to complete the data capture process. As you progress from one step to another, the information provided during each step is saved. Typically, the entire enrollment process includes the following steps:

  • Uploading or capturing at least one ID proofing document.
  • Providing the user information
  • Uploading or capturing the user's face image
  • Capturing the user's iris images
  • Capturing the user's fingerprint images
  • Capturing the user's signature
  • Viewing the captured data on the summary before saving the enrollment data.

In the sections below, each step is explained in detail to provide a comprehensive understanding of the data capture process.

Capture ID Proofing Documents

On the document capturing wizard, you must upload the identity proofing documents (I-9 documents) of the user. The list displays the allowed ID documents based on the group assigned to the user. You can add the ID proofing documents in three different ways: upload local images, capture using a camera, or capture using a document scanner. Select the Add ID Document button and follow the steps below:

  1. Select the Identity Document Type from the dropdown list, e.g., Birth Certificate, US Passport, etc. Refer to the List of I-9 Documents and Issuing Authorities for the complete list of documents that are allowed for identity proofing.
  2. Based on the selected identity document type, the Issuing Authorities are displayed. Select the relevant issuing authority.
  3. Capture Mode: Select one of the below options to continue. If the document does not have information on the back side, you can skip the step to capture the back side image of the document.
    • Capture: Capture images of both the front and back of the identity document using a connected camera or webcam. You can zoom in and out of the captured image to crop it to the required size. Use the recapture option to restart the capturing process if needed.
    • Upload: Upload the local images of the document. Supported formats for upload are PNG, JPG, and PDF.
    • Document Scanner: If a document scanner is connected, select the scanner type. Scan the front and back sides of the document one side at a time. Select Next to save the captured documents and proceed to the next step. The information capture wizard is displayed.

Capture User Information

On the information capture wizard, provide the user biodata. The enrollment form displays the data elements based on the type of identity that is to be issued. Ensure that you enter and verify all the mandatory information. Select Next. The face capture wizard is displayed.

Capture Face

On the face capture wizard, proceed to capture a face image by taking a photo using the device's camera or a connected camera. Alternatively, you can upload a photo from local images. The supported formats are PNG, JPEG, and JPG.

To learn more about how to capture a good face image for a PIV ID as per the instructions mentioned in the FIPS 201-3 standard, read PIV Photo Capture Instructions.

Capture Face Image

  1. Select Capture to display the face capture screen.
  2. If the plugged-in camera device is not selected, select a camera device listed in the drop-down. By default, the integrated camera of the laptop is selected.
  3. To capture a photo, adjust the position of the user's face within the cropping rectangle by moving the cropper box accordingly.
  4. You can zoom in or out to get a clear picture by selecting the buttons with the Zoom In and Zoom Out icons.
  5. Select the Crop button to capture the photo.
  6. If the workflow is configured to allow the conversion of the captured photo to a transparent image, the captured photo is converted into a transparent photo and displayed on the screen. If you wish to use the transparent image on the visual ID, for the Use Transparent Photo option, select Yes.
  7. Check the preview of the captured photo.
  8. If it is not clear, select Delete.
  9. Select Recapture to restart the photo capturing process.

Upload Photo

  1. Select the option Upload and select a photo stored locally on your device.
  2. You can zoom in or out to get a clear picture by selecting the buttons with the Zoom In and Zoom Out icons.
  3. Adjust the position of the user's face within the cropping rectangle by moving the cropper box accordingly.
  4. Select Crop to capture the photo.
  5. If the workflow is configured to allow the conversion of the captured photo to a transparent image, the captured photo is converted into a transparent photo and displayed on the screen. If you wish to use the transparent image on the visual ID, for the Use Transparent Photo option, select Yes.
  6. Check the preview of the captured photo.
  7. If it is not clear, select Delete.
  8. Select Recapture to restart the photo capturing process.

Once you have completed the face capture, select Next. The iris capture wizard is displayed.

Capture Iris

The next step is to capture the iris image. By default, the system is configured to capture both the irises.

  1. If the connected iris device is not selected, select it from the drop-down.
  2. Place the iris device in front of the user's face and position the eyes to capture the iris images.
  3. Select Clear to remove the captured images if you need to restart the iris capturing process.
  4. Select Next to continue. The fingerprint capture wizard is displayed.

Capture Fingerprints

Proceed to capture the user's fingerprints. There are two types of fingerprints that you can capture based on the workflow configuration - rolled and flat. Ensure that the fingerprints meet the set quality threshold limit. Follow the below sections to understand how to capture rolled/flat fingerprints.

Capturing Rolled Fingerprints

If the workflow is configured to scan two, four, or ten flat fingerprints plus the rolled fingerprints, then the wizard displays two wizard screens. In the first wizard, you need to capture all ten fingers individually in a sequence as highlighted on the screen in the rolled format. In the next wizard, you need to scan two, four, or ten flat fingerprints as configured. Follow the fingerprint capturing process section to understand how to scan and save fingerprints.

Capturing Flat Fingerprints

If the workflow has been configured to scan two, four, or ten flat fingerprints then there will be only one wizard for capturing fingerprint images. The wizard highlights the number of fingers to be scanned as per the configuration. For the 10 (slap) fingerprints capturing process, you will see rectangular boxes highlighting which hand and fingers to place to capture. Follow the instructions on the wizard to ensure that the right fingerprints are captured as per the configuration. Follow the fingerprint capturing process section to understand how to scan and save fingerprints.

Fingerprints Capturing Process

  1. If there is a single fingerprint scanner connected, the system displays it. Otherwise, select the connected scanner from the drop-down list.
  2. If the rolled fingerprints option is enabled, the wizard to capture the rolled fingerprints is displayed. Follow the instructions on the wizard and place the correct fingers to ensure that all the required fingerprints are captured in the rolled format.
  3. The next wizard helps to capture the flat fingerprints. The wizard indicates which finger should be placed on the scanner by highlighting it. Once you place the finger, the fingerprint is automatically captured. If you are capturing 10 fingers in a slap format, the screen indicates the format in which the fingers are to be placed. Continue till all the required fingerprint images are captured.
  4. If the allowed maximum number of attempts to capture the fingerprints is exceeded, or if the captured image does not meet the required quality threshold during the attempts, the Recapture Fingerprints button is enabled. Select it to restart the fingerprint capturing process.
  5. During the process, if you need to clear the captured fingerprint images, select Clear and select OK to remove all the captured fingerprints.
  6. Once you have captured the required fingerprints, select Next to move to the next step. The signature capture wizard is displayed.

Capture Signature

The final step is to capture the signature of the user.

  1. If the plugged-in signature pad is not selected, select it from the drop-down.
  2. Draw the signature in the signature box to capture a signature. Select Next to view the summary page.

View Summary

All the demographic and biometric details captured are displayed for a final review.

  1. To edit the details, select the Back button or navigate to the respective enrollment step.
  2. If the data collected is as per the specifications, select Save to complete the enrollment. The enrollment process is complete for the user.
  3. Based on the configured workflow, the following actions are triggered.
    • Approval Enabled: If the approval option is enabled in the workflow, the user enrollment details are sent for adjudication. The user receives an email mentioning that the enrollment details are submitted for approval.
    • Approval Disabled: If the approval option is not configured, an automated email is sent to the registered email address of the user to register the user's mobile device via the Unifyia ID Wallet App to get the digital identities on the mobile device.

The next step is to issue identity devices. If you are granted permission to issue identities, you are prompted to proceed with the issuance. You can choose to continue or cancel.

To learn more about the credential management system and the issuance options available for operators, refer to the Credential Management System.

Approve Enrollment

Before You Begin

  • Ensure that you're registered with the necessary privileges (approver) as an authorized operator within your organization.
  • You must have at least one active identity device to access the Unifyia platform.

The approval process enables you to adjudicate, i.e., verify the identity proofing documents submitted and review the enrolled data and biometrics.

  1. Search for a user by name or email.
  2. Select the Approve/Reject Enrollment icon against the selected user.
  3. The enrollment details of the user are displayed.
  4. To approve a user enrollment, click on Approve, select a reason for approving the user enrollment, and select Yes to complete the approval process or No to cancel and exit the process.
  5. To reject the enrollment, click on the Reject button, select a reason for rejecting it, and confirm by selecting Yes or select No to exit the process. Until the required information is submitted, the user record would be in Enrollment in Progress status. After the required details are submitted, the user has to undergo the approval process again to complete enrollment.

View Enrollment Details

The enrollment details option allows you to view and edit the enrollment data. Follow these steps:

  1. Go to Management > Users.
  2. Search for the user either by name or email.
  3. Under the Actions column, select the Enrollment Details icon.
  4. The enrollment summary page will be displayed.
  5. To edit the information, select Edit and make the necessary changes.
  6. Once you have made the edits, select Save to update the enrollment data.
  7. To delete the enrolled user, select Delete and confirm by selecting Yes, or No to cancel deleting the user.
  8. To exit the page, select Back.

User Enrollment History

If you wish to view the user enrollment history, select the User Enrollment History option at the end of the enrollment details page. It displays the following details.

  • Modified Steps: This displays the different steps where the data was modified.
  • Status: The status of the user enrollment.
  • Enrolled By: Displays the name of the operator who enrolled the user.

Once the enrollment details are verified and approved, the user is eligible for issuance and is listed under the ready for issuance list of users.

Issue Identities

The Issue Identities option allows you to issue multiple types of identities based on the set organizational policies.

  1. Go to Management > Users.
  2. Search for the user either by name or email.
  3. Under the Actions column, select the Issue Identities icon.
  4. The list of approved identities is displayed.

The following are the identity types typically issued by operators:

To learn more about the issuance options available for operators, refer to the Credential Issuance - Operators.

Manage Lifecycle of Identities

The Identity Lifecycle option allows you to issue multiple types of identities based on the set organizational policies.

  1. Go to Management > Users.
  2. Search for the user either by name or email.
  3. Under the Actions column, select the Identity Lifecycle icon.
  4. All the issued identities are displayed. For the identity you want to manage, select MANAGE. Based on the status of the device the options are displayed. You can perform the following lifecycle actions:
    • Suspend
    • Reactivate
    • Change PIN
    • Reset Device PIN
    • Revoke
    • Remove
    • Show PUK

To learn more about the various identity lifecycle actions that you as an operator can manage, refer to the Operator Lifecycle Management.

Read PIV ID

The ID Reader option allows you to read the contents of the PIV-supported devices or Security Keys. This is useful to verify if all the certificates have been loaded onto the device for authentication and verification. 

  1. Go to Management > ID Reader on the dashboard. The ID reader page is displayed.
  2. Connect a device. The system detects the connected device.
    1. For Smart card: Connect a card reader to your computer and insert a smart card.
    2. For Security Key: Insert the security key into a USB port.
  3. Enter the PIN of the device.
  4. Select OK to see the following details. The details displayed may vary based on the device type and device profile.
    1. Device Information: This is the ATR of the device, the serial number, and the model of the device.
    2. CHUID Information: CHUID stands for Cardholder Unique Identifier. This is a number that is stored electronically on a smart card.
    3. FASC-N: This is a primary identifier of the smart card for physical access control.
    4. Certificates: This section shows the details of the user and the certificates present inside the smart card. It displays the details of the below-mentioned certificates:
      1. Authentication
      2. Card Authentication
      3. Digital Signature
      4. Key Management
    5. User Biometrics: This section shows all the user biometrics captured as part of the enrollment process.
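
The CHUID and FASC-N values listed above can be cross-checked outside the reader UI. The following is an added example, not Unifyia code: it parses a CHUID container and decodes its 25-byte FASC-N, rejecting parity and LRC errors. The tag numbers, field layout, and function names are assumptions taken from the standard PIV data model (NIST SP 800-73), not from this guide, and the sample bytes are constructed.

```python
import re

# FASC-N symbols are 5 bits: 4 data bits (least significant first) + odd parity.
SYMBOLS = {
    "00001": "0", "10000": "1", "01000": "2", "11001": "3", "00100": "4",
    "10101": "5", "01101": "6", "11100": "7", "00010": "8", "10011": "9",
    "11010": "S", "10110": "F", "11111": "E",  # start, field separator, end
}
FASCN_LAYOUT = re.compile(
    r"S(?P<agency_code>\d{4})F(?P<system_code>\d{4})F(?P<credential_number>\d{6})"
    r"F(?P<credential_series>\d)F(?P<individual_credential_issue>\d)"
    r"F(?P<person_identifier>\d{10})(?P<organizational_category>\d)"
    r"(?P<organizational_identifier>\d{4})(?P<person_org_association>\d)E"
)
# CHUID tags used here (assumed from the PIV data model, not from this guide).
TAG_FASCN, TAG_GUID, TAG_EXPIRY, TAG_SIGNATURE = 0x30, 0x34, 0x35, 0x3E


def decode_fascn(raw: bytes) -> dict:
    """Decode a 25-byte FASC-N, rejecting parity, LRC, or layout errors."""
    if len(raw) != 25:
        raise ValueError(f"FASC-N must be 25 bytes, got {len(raw)}")
    bits = "".join(f"{b:08b}" for b in raw)
    groups = [bits[i:i + 5] for i in range(0, 200, 5)]  # 40 symbols
    for pos, g in enumerate(groups):
        if g.count("1") % 2 != 1:
            raise ValueError(f"parity error in symbol {pos}")
    # The last symbol is the LRC: each data-bit column XORs to zero over all 40.
    for col in range(4):
        if sum(int(g[col]) for g in groups) % 2 != 0:
            raise ValueError("LRC mismatch")
    text = "".join(SYMBOLS.get(g, "?") for g in groups[:39])
    m = FASCN_LAYOUT.fullmatch(text)
    if m is None:
        raise ValueError(f"unexpected FASC-N layout: {text}")
    return m.groupdict()


def parse_tlv(data: bytes) -> dict:
    """Parse the simple tag-length-value encoding used by PIV containers."""
    fields, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[i], data[i + 1]
        i += 2
        if length in (0x81, 0x82):  # long form: 1 or 2 length bytes follow
            n = length - 0x80
            if i + n > len(data):
                raise ValueError("truncated TLV length")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        elif length >= 0x80:
            raise ValueError(f"unsupported length byte {length:#x}")
        if i + length > len(data):
            raise ValueError(f"tag {tag:#x} runs past end of data")
        fields[tag] = data[i:i + length]
        i += length
    return fields


def read_chuid(data: bytes) -> dict:
    """Return the CHUID fields an operator would compare with the reader UI."""
    fields = parse_tlv(data)
    for tag in (TAG_FASCN, TAG_GUID, TAG_EXPIRY):
        if tag not in fields:
            raise ValueError(f"CHUID is missing tag {tag:#x}")
    return {
        "fascn": decode_fascn(fields[TAG_FASCN]),
        "guid": fields[TAG_GUID].hex(),
        "expiration": fields[TAG_EXPIRY].decode("ascii"),
        "issuer_signature_present": bool(fields.get(TAG_SIGNATURE)),
    }


# Constructed sample data (test agency code 9999), not read from a real card.
SAMPLE_FASCN = bytes.fromhex(
    "d4e739da739ced39ce739d836858210842108421c84210c3eb"
)
SAMPLE_CHUID = (
    bytes([TAG_FASCN, 25]) + SAMPLE_FASCN
    + bytes([TAG_GUID, 16]) + bytes(range(16))
    + bytes([TAG_EXPIRY, 8]) + b"20301231"
    + bytes([TAG_SIGNATURE, 0])   # signature left empty in this sample
    + bytes([0xFE, 0])            # error detection code, zero length
)

if __name__ == "__main__":
    for key, value in read_chuid(SAMPLE_CHUID).items():
        print(key, value)
```

A FASC-N that fails the parity or LRC check points to a corrupted or incompletely personalized CHUID container rather than a display problem in the reader.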

Invite to Pair Mobile Device

This option enables you to send an email invitation to register the user's mobile device with the Unifyia ID Wallet app. Note that the ID Wallet app option is visible only if the workflow for the selected user is configured to issue mobile identities. Here are the steps to follow:

  1. Go to Management > Users.
  2. Search for the user either by name or email.
  3. Under the Actions column, select the Invite to Pair Mobile Device icon.
  4. An email will be sent to the registered email address of the user informing the user to register and get the digital identities on the mobile device using the Unifyia ID Wallet app.

Factory Reset

The factory reset option enables you to reset the device with the factory keys, restoring it to its original state for reuse. Only identity devices in Revoke status are eligible for factory reset. You cannot reset an identity device if it is in an Active or Suspended status. Ensure that the Unifyia Operator Client is active and running.

  1. Go to Management > Factory Reset to display the factory reset page.
  2. Connect a device. The system detects the connected device.
    • For Smart card: Connect a card reader to your computer and insert a smart card.
    • For Security Key: Insert the security key into a USB port.
  3. The type of the authenticator device (identity device) and device profile are auto-populated.
  4. Select OK to reset the device to factory settings or Cancel to exit the process.
  5. Once the factory settings are restored, the device is ready to be reused. You can now issue the device to users.

The following table shows the list of the identity devices for which the factory reset feature is enabled.

Devices Allowed for Factory Reset

| Identity Device | Keys Loading | Diversified Customer Key-based GP, PIV Admin Keys | Factory Reset | Resetting PIV Containers/LDS Data |
|---|---|---|---|---|
| IDEMIA V7 | GP Master, PIV Admin | Yes | Yes | Yes |
| IDEMIA V8.1 | GP Master, PIV Admin | Yes | No | Yes |
| Giesecke & Devrient | GP Master, PIV Admin | Yes | Yes | No |
| ZTPass - ZTPass on NXP P71D600 | GP Master, PIV Admin | Yes | Yes | Yes |
| Yubico | PIV Admin | Yes | Yes | No |

List of I-9 Documents and Issuing Authorities

The following is the supported list of I-9 documents and their issuing authorities for ID proofing.

| Document Name | Issuing Authority |
|---|---|
| Accepted Receipt for ID Document Replacement | Other |
| Agency ID Card | U.S. Department of State |
| Alien Registration Receipt Card (Form I-551) | USCIS |
| Birth Certificate | County |
| Birth Certificate | Municipal Authority |
| Birth Certificate | State |
| Birth Certificate | Other |
| Birth Report Certificate | Department of State |
| Canadian Driver's License | Canadian Government Authority |
| Clinic, doctor, or hospital record (under age 18) | Other |
| Day-care or nursery school record (under age 18) | Other |
| Driver's License | Department of Motor Vehicles (DMV) |
| Employment Authorization Document (Form I-766) | USCIS |
| Federal ID Card | U.S. Department of State |
| Foreign passport (I-551 or MRIV) | USCIS |
| Foreign Passport with Form I-94 or Form I-94A | Micronesia (FSM) |
| Foreign Passport with Form I-94 or Form I-94A | Other |
| Foreign Passport with Form I-94 or Form I-94A | Republic of the Marshall Islands (RMI) |
| Foreign Passport with Form I-94 or Form I-94A | USCIS |
| Foreign passport (I-551 or ADIT Stamp) | USCIS |
| Merchant Mariner Card | U.S. Coast Guard |
| Military Dependent's ID Card | Department of Defense |
| Native American Tribal Document | Alaska Eskimo |
| Native American Tribal Document | Aleut Community |
| Native American Tribal Document | Native American Indian Tribe |
| Permanent Resident Card | USCIS |
| School Photo ID card | Other |
| School record or report card (under age 18) | Other |
| Social Security Card | Department of Homeland Security |
| Social Security Card | Social Security Administration |
| State ID Card | Department of Motor Vehicles (DMV) |
| U.S. Citizen ID Card | Department of Motor Vehicles (DMV) |
| U.S. Military Card or Draft Record | Department of Defense |
| U.S. Passport or U.S. Passport Card | U.S. Department of State |
| Voter's Registration Card | Local Election Office |
| Voter's Registration Card | State |
| Voter's Registration Card | Other |
| Consular Report of Birth Abroad | Other |
| Receipt: Form I-94 w/I-551 stamp, photo | Other |
| Receipt: Form I-94 w/refugee stamp | Other |

Delete Users

To delete a user, go to Management > Users. Search the user by a username or an email in the search field. The user record is displayed. Select the Delete User icon at the far end of the displayed record to delete a user.

PIV Photo Capture Instructions

The photo on a PIV (Personal Identity Verification) card must be a full-frontal photograph. This means the image should capture the full face of the cardholder, facing directly forward, with a neutral expression and both eyes open. Here are some detailed specifications for the photo on a PIV card:

  • Head Position: The head should be centered and occupy about 50% to 70% of the frame.
  • Background: The background should be a uniform color or a single color pattern, preferably white or off-white. Avoid patterned, dark, or complex backgrounds. Ensure no shadows are present in the background.
  • Lighting: The photo should be well-lit, with no shadows, glare, or reflections.
  • Expression: The cardholder should have a neutral expression or a natural smile, with both eyes open.
  • Attire: The cardholder should wear normal attire. Uniforms, hats, or head coverings are not allowed unless worn daily for religious reasons.
  • Photo Quality: If you are uploading a photo, it should be clear, high-resolution, and free of any marks or blemishes.

These guidelines ensure that the photo on the PIV card is suitable for accurate identification and verification.