Getting Started
Unifyia Platform is a unified microservices-based, multi-tenant, cloud-native, centralized, zero trust
solution for identity orchestration and management for enterprises and governments. It offers simple,
seamless, and tailored customer experiences for all involved parties, all while upholding stringent
security measures. This solution aims at simplifying
and speeding up identity issuance and credential lifecycle management with agility and cost
efficiencies. It is a modern, agile, web-based, customizable solution for the issuance and management of
multiple types of identities and credentials such as PIV, PIV-I, CIV, Derived PIV (DPIV), and Derived
FIDO2 (DFIDO2) credentials on smart cards, tokens, and
mobile devices. You can issue them individually or in combination with other types of identities.
The Unifyia platform is a unified platform for sponsoring, enrolling, adjudicating,
issuing, and managing identities for users and partners. Organizations have the flexibility to customize
their identity issuance workflows to align with their internal policies and regulatory requirements. The
platform offers a wide range of configurations to enable the seamless adaptation of onboarding,
enrollment, adjudication, issuance, management, authentication, and authorization processes to
accommodate various stakeholders of the organization while adhering to FIPS, NIST, and FIDO2 standards
to ensure interoperability, security, and reliability.
Access to the Unifyia platform
Access to the Unifyia platform is determined by the group a user is assigned to. Each group defines specific
roles, permissions, and access privileges. Organizations can assign these privileges at their discretion
in alignment with their policies.
Intended Audience
The intended audience can be generally categorized as administrators, operators, and end users. The
groups assigned to a user define what tasks that user can perform on the Unifyia platform, and the
organization can always customize the permissions as per its requirements. For ease of understanding
and to get started with the platform, the entire documentation suite treats the setup tasks and
additional configurations as administrator functions, and actions such as onboarding, enrollment,
adjudication, issuance, and identity management performed by Sponsors, Registrars, Identity Issuers,
Security Officers, and Helpdesk Operators as operator functions. Users can self-issue and manage their
identities as defined by the organization's policy.
Supported browsers to access the Unifyia platform
- Google Chrome on Windows
- Microsoft Edge on Windows
- Safari on macOS
Setup Tasks
The table below lists the setup tasks that guide you, as an administrator, in configuring the various
options for identity orchestration. Each task includes detailed explanations, step-by-step instructions,
and best practices. Complete these configuration tasks to start using the Unifyia platform.
| Task | Description |
|---|---|
| Unifyia Client Installation | Learn how to install the middleware client services for device communication. |
| System Administrator Login | System Administrator (System Admin) registration for a passwordless authentication method during first-time login, using system-generated credentials for secure access and account personalization. |
| Branding | Customize the platform as per your organization’s branding policies. |
| Content Signing Certificate | Upload an issuer content signing certificate to the database that will be used to sign the data written to containers in the identity devices to ensure data integrity and authenticity. |
| Directory Integration | Integrate directories such as Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) for user federation. |
| Certificate Authorities | Integrate certificate authorities for issuing digital certificates within a Public Key Infrastructure (PKI) framework. |
| Notification Providers | Add an Email Server and SMS Gateway for notifications. |
| Notifications | Configure system-wide notifications for users, operators, and administrators for timely updates and alerts. |
| Manage Roles and Permissions | Manage roles, permissions, device actions, and role-based authentication. |
| Conditional Access | Learn how to control access for administrators by whitelisting IP addresses. |
| Passkeys (FIDO2) Policies | Configure registration and authentication policies for the passkeys (FIDO2) as per FIDO2 specifications. |
| Groups | Learn how to add groups, assign roles, and add members to the group. |
| Device Profiles | Configure device management keys for identities such as smart cards, security keys, and digital identities on mobile devices. |
| Visual Designs | Configure designs for the ID cards or electronic identities. |
| Workflows | Configure workflows for defining enrollment requirements and credential issuance. |
| Reports | Learn more about the comprehensive report generation module that empowers administrators and decision-makers to access various compliance reports. |
| How-To-Guides | Access use case based step-by-step instructions for completing specific tasks. |
User and Credential Management Tasks
The table below lists the tasks that guide you, as an operator, in managing users and identities.
| Task | Description |
|---|---|
| User Management | Manage user onboarding and enrollment. Add administrators, operators, and users. Assign groups that determine the role, permissions, and access privileges. You can also enroll users in bulk. |
| Credential Management System | Learn how to issue different types of identity devices, issue credentials, authenticate using those credentials, and manage the complete lifecycle of issued identities and credentials granularly. |
Additional Configurations
The table below lists additional configurations that an administrator can manage.
| Task | Description |
|---|---|
| Security Audit | Choose which events must be logged and/or signed with the digital signature certificate of the logged-in user for security audit. |
| Integrate IdPs | Integrate IdPs such as Entra ID and Okta to enable SSO functionality and identity federation. The platform supports OpenID Connect (OIDC) and Security Assertion Markup Language (SAML) protocols. |
| SCIM Provisioning | Learn how to leverage the SCIM-compliant APIs to integrate SCIM clients to facilitate centralized management of user data and identities across multiple domains or systems. |
| Enterprise Connections | Learn how to consume an external Identity Provider's (IdP) custom APIs for user provisioning. The platform currently supports Okta. |
| Integrate SSO Applications | Learn how to integrate SSO applications such as Entra ID and Okta for single sign-on. The platform supports SSO over OpenID Connect (OIDC) and Security Assertion Markup Language (SAML) protocols. |
| External CMS | Integrate an external credential management system for PIV issuance and management. |
| Passkeys (FIDO2) Provisioning | Integrate relying parties for passkeys (FIDO2) provisioning. |
| HSM | Integrate a Hardware Security Module (HSM) for secure management of cryptographic keys. |