Integrate External CMS

The Unifyia platform can integrate the SDKs and APIs of an external credential management system (External CMS) to issue and manage PIV IDs on the platform. By configuring the external CMS's APIs and connection settings, organizations connect the platform to their existing identity systems and issue identities securely. The platform currently supports integration with HID CMS.

This tutorial covers the rationale for integrating an external CMS, the common configuration parameters for HID CMS, and how to add and manage an external CMS. Once integrated, organizations issue PIV identities and perform lifecycle actions on the Unifyia platform; the integrated APIs regularly push the status of those identities and lifecycle actions to the external CMS.

Unifyia offers the Unifyia Client application for both operators and users. This middleware application connects the Unifyia platform to the external CMS and carries all API calls between the two systems. The Unifyia Operator Client is intended for operators, and the Unifyia User Client for end users. The Client applications are currently available for Windows only. The application must be installed on the client machine and remain running throughout the issuance and management of PIV IDs.

Rationale Behind Integrating with the External CMS:

  1. Provision to enroll a user as per PIV standards to enable PIV ID issuance.
  2. Provision to import a user from the integrated HID CMS directory and enroll the user as per PIV standards to enable PIV ID issuance.
  3. Utilize the advanced yet simplified enrollment and issuance process of the Unifyia platform.
  4. Optimize the identity issuance process within an organization with tailored workflows to manage issuance to different groups.
  5. Issuance of PIV, PIV-I, and CIV identities in compliance with FIPS standards.
  6. Flexibility to configure workflows, select the essential data elements, and ensure compliance with organizational as well as federal regulations.
  7. Granular management of the issued identity devices, applications, and credentials.
  8. Transfer of the user and identity data to the external CMS by integrating the RESTful APIs.
  9. Integration of a directory system to synchronize actions performed on a user's identity between the external CMS and the Unifyia platform. Through user federation, updates such as profile modifications, role assignments, and identity lifecycle actions are reflected in both systems, giving a unified identity experience across platforms while maintaining consistency and security.
  10. Precise control over identities and credentials throughout their lifecycle, balancing security, usability, and compliance.

Common Configurations

The platform currently supports integration of the HID CMS only, so the common configuration parameters below are specific to HID CMS; the list will expand as more credential management systems are integrated. Refer to the Configure HID CMS tutorial for more details on HID CMS integration.

Common Configurations to Integrate the HID CMS

Connection Settings
  Host URL: URL used to connect to the external CMS.
  Admin Port Number: Port number of the CMS administrator portal.
  User Port Number: Port number of the CMS user portal.
  SSL Client Certificate: Client certificate, together with its private key, that the Unifyia platform presents to the CMS to authenticate itself over mutual TLS.
  Client Certificate Password: Password that protects the private key in the client certificate file.
  SSL Server Certificate: Certificate issued by the external credential management system's CA; the platform uses it to verify the CMS server when establishing the TLS connection.

Card Production Request
  The Card Production Request (CPR) is the list of user-specific attributes (such as name, fingerprints, or facial image) that is stored in the PIV metadata database and written to the PIV card during device issuance.
  CPR Signing Certificate: Certificate in .p12 (PKCS#12) format, issued by the external credential management system's CA, used to sign the CPR.
  CPR Certificate Password: Password for the CPR Signing Certificate file.
  Identity Type: Identity types for which a CPR can be generated. The Unifyia platform currently supports PIV, PIV-I, and CIV identities; multiple identity types can be added.
  File: PIV enrollment data file in XML format, used to exchange Personal Identity Verification (PIV) card enrollment data. It is a common XML-based representation of a chain-of-trust record that includes the CPR, serves as the enrollment record, and complies with the FIPS 201 standard for PIV cards.

Policies
  Policy Name: Policy selected from the list of configured policies imported from the HID CMS.
  Description: Brief description of the selected policy.

Add External CMS

This section describes how to add an external credential management system on the Unifyia platform. Make sure that the Unifyia Operator Client v2.2.0 is installed and running as a Windows service. Follow the steps below to add an external CMS.

  1. Log into the platform with administrator credentials.
  2. Navigate to Integrations > External CMS.
  3. Select + Add External CMS.
  4. The Add External CMS page is displayed.
  5. Select the name of the CMS. Currently, the platform supports the integration of HID CMS only.
  6. Configure the required parameters. Refer to the tutorial Configure HID CMS to integrate HID CMS.
  7. Select Test Configuration to check that the platform can connect to the CMS with the configured settings.
  8. Once the connection is successfully established, select Save to save the details of the configuration.
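The parameters that most often break this step are the two PKCS#12 files from the Common Configurations table (SSL Client Certificate and CPR Signing Certificate) and trust in the CMS server certificate. The following bash script is an added example written for this page, not Unifyia or HID code, and relies only on the openssl CLI: check_p12 verifies a .p12 bundle before it is uploaded (password, private key present, validity window), and check_cms_tls repeats the mutual-TLS handshake that Test Configuration performs so that a failure can be attributed to an untrusted server certificate or a rejected client certificate. File names, passwords, host name and port are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not Unifyia or HID code: pre-flight checks for the PKCS#12
# (.p12) files the HID CMS integration asks for (SSL Client Certificate,
# CPR Signing Certificate) and for the mutual-TLS handshake that the
# Test Configuration step performs. Needs only the openssl CLI.
# All file names, passwords, hosts and ports are placeholders.
set -euo pipefail

# check_p12 FILE PASSWORD [MIN_DAYS]
# Succeeds only if PASSWORD opens FILE, the bundle contains a private key
# (a certificate alone can neither sign a CPR nor authenticate a client),
# and the end-entity certificate stays valid for at least MIN_DAYS.
# Return codes: 1 bad password, 2 no private key, 3 certificate missing/expiring.
check_p12() {
  local file="$1" pass="$2" min_days="${3:-30}"
  local key_pem cert_pem

  # 1. A wrong password fails the PKCS#12 MAC check before anything is read.
  if ! openssl pkcs12 -in "$file" -passin "pass:$pass" -nokeys -noout 2>/dev/null; then
    echo "$file: cannot open bundle with the given password" >&2
    return 1
  fi

  # 2. Key presence. The unencrypted key is held in a shell variable only,
  #    never written to disk.
  key_pem=$(openssl pkcs12 -in "$file" -passin "pass:$pass" -nocerts -nodes 2>/dev/null)
  if ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' <<<"$key_pem"; then
    echo "$file: no private key in bundle" >&2
    return 2
  fi

  # 3. Validity window of the end-entity certificate (-checkend takes seconds).
  cert_pem=$(openssl pkcs12 -in "$file" -passin "pass:$pass" -clcerts -nokeys 2>/dev/null)
  if ! openssl x509 -noout -checkend "$((min_days * 86400))" <<<"$cert_pem" >/dev/null 2>&1; then
    echo "$file: certificate missing or expiring within $min_days days" >&2
    return 3
  fi
  openssl x509 -noout -subject -enddate <<<"$cert_pem"
}

# check_cms_tls HOST PORT CLIENT_P12 PASSWORD SERVER_CA_PEM
# Repeats the handshake behind "Test Configuration" from the shell so a
# failure can be attributed: server certificate not trusted (Verify return
# code != 0) versus client certificate rejected by the CMS. Needs network
# access to the CMS, so it cannot be exercised offline.
check_cms_tls() {
  local host="$1" port="$2" p12="$3" pass="$4" ca="$5"
  local tmp
  tmp=$(mktemp -d) && chmod 700 "$tmp"
  trap 'rm -rf "$tmp"' RETURN          # the extracted key never outlives the call

  openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys -out "$tmp/cert.pem" 2>/dev/null
  openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes -out "$tmp/key.pem" 2>/dev/null

  # -verify_return_error turns an untrusted server certificate into a
  # handshake failure instead of a warning, which is how a production
  # client must behave; -CAfile is the SSL Server Certificate from the table.
  if ! openssl s_client -connect "$host:$port" -servername "$host" \
         -CAfile "$ca" -verify_return_error \
         -cert "$tmp/cert.pem" -key "$tmp/key.pem" \
         </dev/null >"$tmp/out.txt" 2>&1; then
    echo "mutual TLS to $host:$port failed" >&2
    grep -- 'Verify return code' "$tmp/out.txt" >&2 || true
    return 1
  fi
  grep -- 'Verify return code' "$tmp/out.txt"
}

# Typical use before filling in the Add External CMS form (placeholders):
#   check_p12 client.p12 "$CLIENT_P12_PASSWORD"
#   check_p12 cpr-signing.p12 "$CPR_P12_PASSWORD" 90
#   check_cms_tls cms.example.internal 8443 client.p12 "$CLIENT_P12_PASSWORD" cms-ca.pem
```

Run check_p12 against both bundles before step 6; a bundle that fails here will not start working by retrying Test Configuration. Note that check_cms_tls extracts the unencrypted private key into a temporary directory with 0700 permissions for the duration of the call only, so run it on the machine that hosts the Unifyia Operator Client rather than copying the bundle elsewhere.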

Manage External CMS

  1. Log into the platform with administrator credentials.
  2. Navigate to Integrations > External CMS.
  3. A list of configured external credential management systems is displayed.
  4. To edit, select the Pencil icon at the end of the selected external CMS row and modify the configuration parameters as needed. Select Update to save the changes.
  5. To delete, select the Bin icon at the end of the selected external CMS row. Select Yes to confirm or No to exit the process.