General Configurations

This tutorial describes the options available in the General section when you create a workflow. In this section, you must configure the Workflow Details and the Device Validity and Expiration Policies.

NOTE
  • If you have selected ZTPass on NXP P71D600, once you check the option Smart Card/Security Key Credential Issuance > Enable Chip Personalization, you need to choose whether to load the PIV applet, the FIDO2 applet, or both, based on the selected identity type.

What can you do in this section?

  1. For each chosen identity model, you have the option to select multiple device profiles and groups. This allows you to issue credentials on different form factors to the selected groups.
  2. Set the permissible number of devices for a user in the selected groups.
  3. Define the expiration date for the selected identity type and certificates.
  4. Define the minimum device and certificate validity for update.
  5. Select to which role(s) the workflow must be visible.

Workflow Details

Follow the steps below to configure the workflow details:

  1. Workflow Name: Provide a name for the workflow. This can be simple text that identifies why the workflow is being created. For instance, PIV ID (ABC Organization).
  2. Description: Provide a brief description of the workflow.
  3. Display Name: Enter a display name for the workflow. This name is displayed during issuance if more than one workflow is configured for the user.
  4. Default Workflow: If this workflow is the default one that applies to all the users in the organization or to specific groups, select the Default Workflow checkbox. An organization can have only a single default workflow.
  5. Refer to the section Default Workflow to learn more.
  6. Identity Type: From the drop-down list, select an identity type, e.g., PIV.
  7. Device Profile: From the drop-down list, select the device profile. Select one or more of the following supported device profiles for the workflow. Note that the below-listed device profiles are based on the product types available and have to be created as per your organization's requirement. You may choose to name them as per your requirements while creating the device profiles. The names listed are just indicative of the
    • ID-One PIV v2.4.1 on Cosmo V8.1
    • ID-One PIV v2.4.2 on Cosmo V8.2
    • ID-One PIV v2.3.4 on Cosmo V7
    • G&D SCE 7.0 with PIV Applet V1.0
    • Thales IDPrime PIV v3.0
    • ZTPass on NXP P71D600
    • ID Wallet
    • Yubico
    • FIDO2 Passkey Authenticator (for platform authenticators (WebAuthn))
    • FIDO2 Passkey Authenticator (for cross-platform (Direct Connect) authenticators)
  8. Assign to Group(s): You must have groups created before this step. Select the group(s) for which this workflow is being created. You can select multiple groups. Once you select certain groups for a workflow, the same groups will not be available for other workflows.
  9. Assign to Role(s): Select the roles that can view this workflow. This ensures that only these roles can issue identity devices for this workflow.
  10. Enforce maximum allowed devices per user: If you need to enforce a maximum limit of allowed devices per user, check the box and set an integer value to define the number of allowed devices.
  11. Expiration: Set the expiration period for the device. Select the number of months and days for device validity.

Device Validity and Expiration Policies

NOTE
  • Make sure that the certificate expiration date does not exceed the device expiration date.
  1. Enforce maximum allowed devices per user: If you need to enforce a maximum limit of allowed devices per user, check the box and set an integer value to define the number of allowed devices.
  2. Device Expiration: Set the expiration period for the device. Select the number of years, months, days, and hours for device validity.
  3. Certificate Expiration: Set the expiration period for the certificates. Select the number of years, months, days, and hours for device validity.
  4. Minimum Device Validity for Update: Set the minimum validity period required for a device to be eligible for updates. Specify the period in years, months, days, and hours. For example,
    1. If the minimum validity is set to 12 months, and the device has less than 12 months remaining before expiration, updates cannot be performed. In such cases, the device must be renewed or replaced first.
    2. If the device has more than 12 months of validity remaining, device update is allowed.
  5. Maximum Certificate Validity for Update: Set the maximum remaining validity period after which a certificate can be updated (renewed or reissued). Specify the period in years, months, days, and hours.
    1. If the maximum validity for updates is set to 10 days, and a certificate has 20 days left until expiration, updates cannot be performed at this time. You will need to wait until the remaining validity is less than 10 days.
    2. When the certificate has exactly 10 days remaining, you can proceed with the update or renewal process.
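
The two update rules and the NOTE about certificate versus device expiration can be checked together before a policy is saved. The following is an added example, not the product's own code: the `ValidityPolicy` class and the function names are hypothetical, periods are modeled as plain durations, and "12 months" is approximated as 365 days.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ValidityPolicy:
    """Hypothetical model of the four period fields in this section."""
    device_expiration: timedelta
    certificate_expiration: timedelta
    min_device_validity_for_update: timedelta
    max_certificate_validity_for_update: timedelta

    def config_errors(self):
        """Flag the misconfiguration the NOTE warns about."""
        if self.certificate_expiration > self.device_expiration:
            return ["certificate expiration exceeds device expiration"]
        return []


def device_update_allowed(policy, device_expires_at, now):
    remaining = device_expires_at - now
    # Less than the minimum: the device must be renewed or replaced first.
    # Exactly the minimum is not covered by the page; allowed here (assumption).
    return remaining >= policy.min_device_validity_for_update


def certificate_update_allowed(policy, cert_expires_at, now):
    remaining = cert_expires_at - now
    if remaining < timedelta(0):
        raise ValueError("certificate already expired; not covered by this sketch")
    # More than the maximum left: too early. At or below the maximum: allowed.
    return remaining <= policy.max_certificate_validity_for_update


# Constructed sample values; "12 months" is approximated as 365 days.
NOW = datetime(2025, 1, 1)
POLICY = ValidityPolicy(
    device_expiration=timedelta(days=3 * 365),
    certificate_expiration=timedelta(days=365),
    min_device_validity_for_update=timedelta(days=365),
    max_certificate_validity_for_update=timedelta(days=10),
)

if __name__ == "__main__":
    print(POLICY.config_errors())
    print(device_update_allowed(POLICY, NOW + timedelta(days=300), NOW))
    print(certificate_update_allowed(POLICY, NOW + timedelta(days=20), NOW))
```
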

You have completed the general configurations required for the workflow. The next step is to configure the Data and Biometrics Enrollment details.