Granular Lifecycle Management - Users

Users interact with the platform to perform actions on their assigned identity devices, such as smart cards or mobile credentials, based on their access permissions and organizational guidelines.

The Identities option allows you to add new authenticators as well as manage the lifecycle of the identity devices, applications, and issued credentials based on the status of the identity device and as per the organization's policy. You can perform the following lifecycle actions:

  • Activate
  • Suspend
  • Reactivate
  • Renew
  • Change PIV PIN
  • Reset PIV PIN using PUK
  • Change FIDO PIN
  • Update

Identity Device Lifecycle Actions

The following are the possible lifecycle actions based on the status of the device for identity devices such as smart cards, security keys, and mobile devices.

Lifecycle Actions Process
Suspend When an active device (smart card, security key) is lost/damaged, you can suspend the device to avoid misuse. To suspend the device, select the identity, and select Actions > Suspend. Select one of the listed reasons to suspend the device and confirm.
Reactivate To reactivate a suspended device, select the identity, and select Actions > Reactivate.

Application Lifecycle Actions

The following are the possible lifecycle actions for the PIV and FIDO2 application:

Application Lifecycle Actions Process
PIV Activate Activate the newly issued PIV identity using the activation PIN sent to your registered email.
  1. Select Activate against the PIV application that you need to activate.
  2. Connect your smart card reader to your computer and insert your PIV/DPIV smart card into the card reader.
  3. Old PIN: Enter the activation PIN sent to your email. If you forgot or did not save your activation PIN, click on the link I forgot my PIN! An email will be sent to the registered email. Check the email and enter the activation PIN.
  4. New PIN: Provide a new PIN.
  5. Confirm PIN: Confirm the provided PIN.
  6. Select Activate. Your device is activated.
Change PIV PIN
  1. Connect the identity device.
    1. For Smart cards: Connect a card reader to your computer and insert a smart card.
    2. For Security Key: Insert the security key into a USB port.
  2. Select the connected device.
  3. Select Actions > Change PIV PIN.
  4. Enter the old PIN.
  5. Next, enter a new PIN, and confirm it.
  6. Select OK. The PIV application PIN is changed.
Reset PIV PIN with PUK

If you have forgotten your PIV device PIN, you can reset it with the option Reset PIN with PUK. You need to contact your helpdesk operator for the PUK number.

  1. Connect the identity device.
    1. For Smart card: Connect a card reader to your computer and insert a smart card.
    2. For Security Key: Insert the security key into a USB port.
  2. Select the connected identity.
  3. Select Manage > Reset PIN with PUK.
  4. Request your helpdesk operator to provide the PUK value.
  5. Enter it, then enter the New PIN and confirm the same.
  6. Select OK. Your device PIN is reset.
Update
Update when additional credentials are available
FIDO2 Change FIDO PIN
  1. Connect the identity device.
    1. For Smart cards: Connect a card reader to your computer and insert a smart card.
    2. For Security Key: Insert the security key into a USB port.
  2. Select the connected device.
  3. Select Actions > Change FIDO PIN.
  4. Enter the old PIN.
  5. Next, enter a new PIN, and confirm it.
  6. Select OK. The FIDO application PIN is changed.
Update
Update when additional credentials are available

Credential Lifecycle Actions

The table below outlines the credential lifecycle actions available to an operator. For each credential, choose Actions and then select the desired action.

Credential Lifecycle Actions
PIV
  • Authentication
  • Digital Signature
  • Encryption
  • Card Authentication
  • Suspend
  • Reactivate
  • Renew
Mobile
  • Authentication
  • Digital Signature
  • Encryption
  • Card Authentication
  • Suspend
  • Reactivate
  • Renew: You can renew the expired mobile certificates, but this option is only available if the certificates are eligible for renewal; otherwise, it is unavailable.
Mobile
  • Visual
  • FIDO2
  • Consent
  • OTP
  • Suspend
  • Reactivate

Select the identity and select Manage. Based on the status of the device the options are displayed.

Identity Devices

The following are the possible lifecycle actions based on the status of the identity device (smart cards or security keys).

Suspend

When an active device (smart card, security key) is lost/damaged, you can suspend the device to avoid misuse. To suspend the device, select the identity, and select Manage > Suspend. Select one of the below-listed reasons to suspend the device and confirm.

  • On leave
  • Misconduct
  • Misplaced device
  • Other

Reactivate

To reactivate a suspended device, select the identity, and select Manage > Reactivate.

Renew

You can renew the expired certificates on smart cards and security keys. This option is available only if the certificates are eligible for renewal otherwise, it is unavailable.

  1. Select the connected device for which the certificates have expired. Connect the identity device.
    1. For Smart card: Connect a card reader to your computer and insert a smart card.
    2. For Security Key: Insert the security key into a USB port.
  2. Select Manage > Renew. Enter the device PIN, select the certificates to renew, and select OK. The certificates are renewed.

Change PIN

This option is available for smart cards and security keys.

  1. Connect the identity device.
    1. For Smart card: Connect a card reader to your computer and insert a smart card.
    2. For Security Key: Insert the security key into a USB port.
  2. Select the connected identity.
  3. Select Manage > Change PIN.
  4. Enter the old PIN.
  5. Next, enter a new PIN, and confirm it.
  6. Select OK. The PIN is changed.

Report Incident

To report an incident regarding a lost, stolen, or damaged device, select the identity, and select Manage > Report Incident. Provide a reason and proceed to suspend the device.

Reset PIN with PUK

If you have forgotten your PIV device PIN, you can reset it with the option Reset PIN with PUK. You need to contact your helpdesk operator for the PUK number.

  1. Connect the identity device.
  2. For Smart card: Connect a card reader to your computer and insert a smart card.
  3. For Security Key: Insert the security key into a USB port.
  4. Select the connected identity.
  5. Select Manage > Reset PIN with PUK.
  6. Request your helpdesk operator to provide the PUK value.
  7. Enter it, then enter the New PIN and confirm the same.
  8. Select OK. Your device PIN is reset.

Mobile Devices

To manage the mobile device lifecycle actions, select the issued mobile identity. Select Manage and choose an action to perform as described below. The process to perform each action is similar to that of an identity device.

  • Suspend
  • Reactivate
  • Report Incident
  • Renew: Renew the expiring certificates issued.

Back Next
On this page