New Features
General Features
- Multi-tenant, microservices, and API-based architecture
- Unified platform with role-based access control
- Supports deployment on cloud and on-premises using Docker and Docker Compose
- Modular structure for flexible configurations
- Customizable branding
- Customizable dashboards based on roles
- Supports user federation, identity federation, and identity brokerage
- Issuance of multiple types of identities
- Customizable identity issuance and authentication flows
- Zero trust and passwordless capability
- Supports single sign-on
- Notifications triggered based on specific events
- Unifyia client service for users and operators for device interactions
- In-person supervised PIV ID issuance and self-issuance of additional identities (DPIV/DFIDO) leveraging PIV ID
- Self-issuance of mobile identities on the ID Wallet app
- PC and Mobile responsive design
Supported Standards
- PIV/CIV/DPIV Issuance: FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors
- ID Proofing IAL1,2,3: NIST Special Publication 800-63A
- Authentication AAL 2,3: NIST Special Publication 800-63B
- FIDO/DFIDO issuance: FIDO2 Specifications
- Fingerprints: ANSI and ISO-compact 19794 compliance standards.
- Iris: ANSI and ISO-compact 19794 compliance standards.
User Management
- Onboard Users
- Enroll User – Information, Document, Face, Fingerprints, Signature capture.
- Approve and reject enrollment
- Issuance Policies – Personalize and Print
- PIV/CIV/DPIV Card Activation
- Lifecycle Management for operators and users – Identities and Credentials
- Enforcement of zero trust, passwordless authentication (OTP and Passkeys (FIDO2)), with the very first-time administrator login using a password.
- Supported OTP authenticators - Unifyia ID Wallet, Google, Microsoft, Okta Verify, Others
- FIDO2-supported platform authenticators (TPM-backed, such as Windows Hello, Touch ID, Face ID, etc.) and cross-platform authenticators (external security keys such as YubiKeys)
- Multiple types of authentication methods
  - PIV ID
  - CIV ID
  - Derived PIV ID
  - Derived FIDO ID
  - Federated PIV IDs
  - FIDO2-supported platform and cross-platform authenticators
  - Unifyia ID Wallet with PKI
  - Unifyia ID Wallet with Push Verify
  - Unifyia ID Wallet with OTP
  - Unifyia ID Wallet with FIDO2 credential
- Delete Users
Configurations
Passkey (FIDO2) Policy
- Add, edit, and delete policies.
- Supports single registration and authentication policy configurations of FIDO security keys per tenant.
Groups
- Add, search, edit, and delete groups.
Device Profiles
- Add, edit, and delete device profiles.
- Support to store the keys in the database.
- Support for diversifying the master keys.
- Supported devices are as below:
  - Personal Identity Verification (PIV) based smart devices
    - IDEMIA - ID-One PIV v2.4.2 on Cosmo V8.2
    - IDEMIA - ID-One PIV 2.4.1 on Cosmo V8.1
    - IDEMIA - ID-One PIV 2.3.4 on Cosmo V7
    - Giesecke & Devrient - G&D SCE 7.0 with PIV Applet V1.0
    - ZTPass - ZTPass on NXP P71D600
    - Thales - Thales IDPrime PIV v3.0
    - Yubico - YubiKey 5 Series
  - ID Cards
  - Mobile Identities (Requires Unifyia ID Wallet App)
Visual Designs
- Add, edit, and delete visual designs for PIV/CIV on smartcard and mobile identities.
Workflows
The workflow module supports the following:
- Add, search, edit, clone, and delete workflows.
- Define the identity types to be issued
- Select the device profiles
- Define device validity
- Define the maximum number of devices allowed per user
- Define which group(s) the workflow is for.
- Define for which role(s) the workflow is visible.
- Define the ID proofing documents from the list of I-9 documents
- Support to define what data and biometric enrollment elements (ID Document, User Information, Face, Iris, Fingerprints, and Signature) need to be captured.
- Support configuration of the modes of issuance and personalization of smart cards/security keys
- Support to add SAN to the certificates
- Support to read the UPN value from the user's parent directory and map it to the UPN attribute in the authentication certificate.
- Support to write the data back to directories
- Support to write back and delete certificate mapping attributes upon certificate issuance and revocation
- Support to configure derived PIV requirements and lifecycle options based on the issuance status of the primary PIV ID.
- Allow user activation using PIN verification after the device issuance.
- Support to configure the mobile digital identities - Push Verify, Consent, OTP, FIDO, Certificates (Authentication)
Notification Providers
- Add, edit, and delete notification providers.
- Supports the addition of only one Email or SMS server at any point in time.
Notifications
- View preconfigured notifications for user group
- Edit, reset, enable, and disable SMS and Email notifications
Branding
- Customizable branding for the organization. Can change the header, login page, email, and favicon.
General Settings
- General organizational information. Provides organization metadata for the service providers and relying parties for SSO integration.
Content Signing Certificate
- Supports uploading of a content signing certificate for signing data personalized to smart cards, security keys, or mobile identities.
Access Control
Roles
- PIV Roles
- View, enable, and disable roles.
- Edit role permissions and device actions.
API Keys
- Generate, view, and delete API keys.
MFA
- View, enable/disable, and delete authentication modes.
- Manage different credential types to enable multi-factor authentication
Integrations
Identity Providers
- Manage Identity federation
- Add, edit, and delete identity providers
- Map user attributes between IdPs and the Unifyia platform
- Supported protocols – OIDC and SAML
- Supported IdPs – Entra ID and Okta on OIDC and SAML protocol
User Provisioning using SCIM Protocol
- Support to configure the Unifyia platform as a SCIM server for selected applications (SCIM clients).
- Facilitate centralized user and group management.
- Manage user and group provisioning and deprovisioning
- Add new applications
- Edit SCIM-server configuration.
- Supported SCIM-client: Okta
Directories
- Manage User Federation
- Add, edit, and delete directories
- Map user attributes between directories and the Unifyia platform
- Supported directories over LDAPS – LDAP-supported directories, Active Directory
Enterprise Connections
- Add, edit, and delete user resources with integrated enterprise applications
- Map two-way sync parameters – the application to the Unifyia platform and the Unifyia platform to the application.
- Synchronize user data with applications over protocols – OAuth2-OIDC
- Supported application: Okta
SSO Applications
- Add, edit, and delete SSO applications
- Supported protocols – OIDC and SAML
- Supported SSO applications – Okta using OIDC and SAML protocol
Certificate Authorities
- Add, edit, and delete certificate authorities
- Supported CAs - MSCA, EJBCA, and Entrust
Monitoring
- Predefined report templates.
- Create, view, edit, and delete reports
- Download reports in CSV or PDF file formats.
- Customize the frequency of report generation.
- Customize report fields and filters
- Customize field order