Concepts
AAL
Authentication Assurance Level (AAL) is an ordinal measure of the strength of an authentication transaction.
Attestation Certificate
In the FIDO2 context, an attestation certificate is an X.509 digital certificate issued to an authenticator by its manufacturer or a trusted authority.
Authentication
Verifying a user's identity through methods such as passwords, biometrics, or multi-factor authentication (MFA).
Authentication Token
A digital key issued to a user or application after successful authentication.
Authorization
Determining what resources a user can access and what actions they can perform.
Biometrics Capture
The collection of biometric data (e.g., fingerprints, facial recognition) to enhance identity verification and card security.
Certificate Authority
A trusted entity that issues digital certificates used to validate the identity of the cardholder.
Cross-Platform (Roaming) Authenticators
Portable (roaming) devices that support the FIDO2/WebAuthn framework for zero-trust, passwordless authentication.
Credential Management System
A comprehensive system that manages the issuance and lifecycle management of identities.
Derived FIDO2
A FIDO2 credential (DFC) derived from an individual's primary PIV credential.
Derived PIV
A PIV credential (DPC or DPIV) derived from an individual's primary PIV credential.
Device Profiles
A set of configurations and settings that define how a specific identity device (such as a smart card, security key, or mobile device) must function.
Digital Signatures
Cryptographic signatures that validate the authenticity and integrity of documents or communications, often tied to the PIV card.
Enrollment Process
Steps taken to collect personal data, biometrics, and digital signatures during the issuance of the PIV card.
FAL
Federation Assertion Level, defined by NIST, evaluates the level of confidence in the identity federation process.
FASC-N
FASC-N (Federal Agency Smart Credential Number) is used to uniquely identify a PIV credential holder across the federal government.
HMAC (Hash-based Message Authentication Code)
A widely used cryptographic technique designed to ensure both the integrity and authenticity of a message.
Lifecycle Management of Identities
The processes and practices used to manage the creation, maintenance, and deactivation of user identities.
IAL
Identity Assurance Level, defined by NIST, conveys the degree of confidence that someone's claimed identity is their real identity.
IAM
A framework for managing digital identities, authenticating users, and authorizing access based on roles and privileges.
Identity Brokering
A mechanism that simplifies authentication by acting as an intermediary between service providers and multiple identity providers (IdPs).
Identity Federation
A process that allows users to use their credentials from one identity provider (IdP) to access resources and services across multiple platforms or organizations.
Identity Provider (IdP)
An entity that creates, maintains, and manages identity information and provides authentication services to relying parties.
Identity Proofing
The process of verifying an individual's identity before issuing a PIV card, often involving document checks and background investigations.
Interoperability
The ability of identities to be recognized and utilized across different federal agencies and systems.
Key Ceremony
A process for securely generating and diversifying a Manufacturer Master Key from three transportation keys and their corresponding checksum values, supplied by the key custodians, with the resulting keys stored in the hardware security module (HSM).
Key Escrow
A security mechanism in certificate management that securely stores a copy of a user's private encryption key.
Key Management
The secure management of the cryptographic keys issued by a certificate authority.
Mobile Credentials
Digitally stored authentication credentials on mobile devices.
Multi-Factor Authentication
A security mechanism that requires users to provide two or more authentication factors to verify their identity.
OIDC Protocol
An open standard for authentication that is built on top of the OAuth 2.0 framework.
OAuth Protocol
An open standard for authorization that allows third-party applications to securely access a user's resources.
Passkeys
Learn how passkeys (FIDO2) enable a passwordless login experience.
Personalization
The process of embedding the cardholder's information, cryptographic keys, and biometrics into the smart card.
PIV Identity
A standard set by the U.S. federal government for identity authentication for all its employees.
PIV-I Identity
A credential issued to non-federal personnel to interoperate with the federal government's PIV (Personal Identity Verification) systems.
PIV Roles
Learn more about the PIV roles as per the NIST FIPS 201 standard.
Platform Authenticators
Device-bound or built-in authenticators that support FIDO2.
Public Key Infrastructure (PKI)
The framework supporting digital certificate issuance and management, essential for secure communications and access.
Relying Party
An entity, such as an application or service, that relies on an identity provider or authenticator to verify a user's identity before granting access.
RBAC
Role-Based Access Control (RBAC) refers to assigning access rights based on user roles within an organization.
SAML Protocol
An open standard used for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP).
Subject DN
In a PIV (Personal Identity Verification) ID certificate, the Subject Distinguished Name (Subject DN) attributes uniquely identify the certificate holder.
SCIM Protocol
An open standard designed to simplify the management of user identities across different systems and domains.
Security Keys and Tokens
Security keys and tokens are physical devices used for two-factor (2FA) or multi-factor authentication (MFA) to enhance online security.
Single Sign-On (SSO)
An authentication process that allows users to access multiple applications or services with a single set of login credentials.
Smart Cards
A physical card containing a built-in memory chip to store and process data electronically for secure transactions and authentication.
User Directory
A centralized database or service that stores and manages information about users and their credentials.
User Federation
A process of connecting and integrating multiple identity systems or directories.
User Provisioning
The process of automating the creation, updating, and deactivation of user identities across multiple systems, applications, and services using SCIM protocol.
Workflows
A defined sequence of tasks, processes, or activities that must be completed to achieve a specific goal.
Zero Trust
A security framework based on the principle of "never trust, always verify."