Configure HID CMS

This tutorial provides instructions on configuring the HID CMS as an external credential management system to issue and manage PIV IDs.

Prerequisites

  • Make sure that the Operator Client is installed and active.
  • The LDAP is configured with the following parameters:
    • LDAP Searching and Updating Settings
      • Edit Mode: Writable
      • Username LDAP Attribute: sAMAccountName
      • Search Scope: One Level
    • Synchronization Settings:
      • Import Users: Enable
      • Sync Registrations: Enable
    • Additional Mappers: The following additional mappers must be added for enabling data synchronization:
      Unifyia to HID CMS Mappers

      User Model Attribute (Unifyia Platform)   LDAP Attribute (HID CMS)   Mapper Type
      userAccountControl                        userAccountControl         user-attribute-ldap-mapper
      jpegPhoto                                 jpegPhoto                  user-attribute-ldap-mapper
      pwdLastSet                                pwdLastSet                 user-attribute-ldap-mapper
      userPrincipalNames                        userPrincipalNames         user-attribute-ldap-mapper
      username                                  cn                         user-attribute-ldap-mapper
      firstName                                 displayName                user-attribute-ldap-mapper
    • Edit Predefined Mappers: The following predefined mappers must be edited:

      Predefined Mapper Name   Mapper Attributes
      first name               Always Read Value From LDAP: Disable this option.
      last name                Always Read Value From LDAP: Disable this option.
  • You must have the following information about the external CMS that you are integrating.
    • Host Name
    • Admin Port Number
    • User Port Number
    • SSL Client Certificate
    • Client Certificate Password
    • SSL Server Certificate
    • CPR Signing Certificate from HID
    • CPR Certificate Password
    • PIV, PIV-I, and CIV Policy details from HID CMS
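
A pre-flight check for the LDAP prerequisites listed above, added here as an example (not Unifyia or HID code). The dictionary layout and key names such as `edit_mode` and `mappers` are assumptions, a simplified stand-in for whatever your directory federation export looks like; the sample configuration is constructed.

```python
# Added pre-flight check for the LDAP prerequisites above (example, not Unifyia/HID code). The dict
# layout and key names ("edit_mode", "mappers", ...) are assumed; adapt them to your directory export.

REQUIRED_SETTINGS = {"edit_mode": "Writable", "username_ldap_attribute": "sAMAccountName",
                     "search_scope": "One Level", "import_users": True, "sync_registrations": True}
# Additional mappers: user model attribute -> LDAP attribute (all user-attribute-ldap-mapper)
REQUIRED_MAPPERS = {"userAccountControl": "userAccountControl", "jpegPhoto": "jpegPhoto",
                    "pwdLastSet": "pwdLastSet", "userPrincipalNames": "userPrincipalNames",
                    "username": "cn", "firstName": "displayName"}
# Predefined mappers whose "Always Read Value From LDAP" option must be disabled
READ_FROM_LDAP_DISABLED = ("first name", "last name")


def check_ldap_prerequisites(config: dict) -> list[str]:
    """Return findings; an empty list means every prerequisite is met."""
    findings = []
    for key, expected in REQUIRED_SETTINGS.items():
        if config.get(key) != expected:
            findings.append(f"{key}: expected {expected!r}, got {config.get(key)!r}")
    mappers = config.get("mappers", [])
    for model_attr, ldap_attr in REQUIRED_MAPPERS.items():
        if not any(m.get("type") == "user-attribute-ldap-mapper"
                   and m.get("user_model_attribute") == model_attr
                   and m.get("ldap_attribute") == ldap_attr for m in mappers):
            findings.append(f"missing mapper {model_attr} -> {ldap_attr}")
    for name in READ_FROM_LDAP_DISABLED:
        found = [m for m in mappers if m.get("name") == name]
        if not found:
            findings.append(f"predefined mapper {name!r} not found")
        elif found[0].get("always_read_value_from_ldap", True):  # treat unset as enabled
            findings.append(f"{name!r}: disable 'Always Read Value From LDAP'")
    return findings


def sample_config(compliant: bool = True) -> dict:
    """Constructed sample configuration; compliant=False violates two prerequisites."""
    mappers = [{"name": f"{k}-mapper", "type": "user-attribute-ldap-mapper",
                "user_model_attribute": k, "ldap_attribute": v} for k, v in REQUIRED_MAPPERS.items()]
    mappers += [{"name": n, "type": "user-attribute-ldap-mapper", "always_read_value_from_ldap": False}
                for n in READ_FROM_LDAP_DISABLED]
    cfg = {**REQUIRED_SETTINGS, "mappers": mappers}
    if not compliant:
        cfg["edit_mode"] = "Read Only"                    # synchronization could not write back
        mappers[-1]["always_read_value_from_ldap"] = True  # "last name" still read from LDAP
    return cfg


if __name__ == "__main__":
    for finding in check_ldap_prerequisites(sample_config(compliant=False)):
        print("FAIL:", finding)
```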

Configuration Steps

This section provides the steps to add an external CMS. Once integrated, the Unifyia platform uses the external CMS to issue and manage PIV IDs only.

  1. Log in to the Unifyia platform.
  2. Navigate to Integrations > External CMS.
  3. Select + Add External CMS.
  4. The add external CMS page appears. You will find three tabs - Connection Settings, Card Production Request, and Policies. You need to configure the required parameters under each tab as explained below.
  5. Under the Connection Settings tab, provide the following information:
    1. CMS: Select HIDCMS from the drop-down list.
    2. Name: Enter the display name or a common name for this CMS.
    3. Description: Enter a brief description of this CMS integration.
    4. Host Name: Enter the host name. This is the base URL or endpoint used to access the external CMS. The host name must be in the format <tenantname>.<domainname>.<domainextension>. For example, utopia-dev.utopia.net
    5. Admin Port Number: Provide the port number for the administrator portal. This is the port used to access that portal.
    6. User Port Number: Provide the port number for the user portal. This is the port used to access that portal. If this port number is not provided, the admin port number is used instead.
    7. SSL Client Certificate: Upload the HID SSL client certificate used to connect.
    8. Client Certificate Password: Enter the password for the client certificate.
    9. SSL Server Certificate: Upload the HID SSL server certificate, the digital certificate used to establish a secure connection with the server.
    10. To check if the configuration is successful, select Test Configuration.
    11. After a successful test, select Next. The next step is to configure the card production request details.
  6. Under the Card Production Request tab, provide the following information:
    1. CPR Signing Certificate: Upload a digital certificate in the .p12 file format, issued by HID's CA, to sign the CPR. The CPR includes a list of user-specific attributes (such as a name, fingerprint, or facial image) that will be stored in the PIV Metadata database and transferred to the PIV card during device issuance.
    2. CPR Certificate Password: Enter the password for the CPR Certificate.
    3. Identity Type: Select the type of identity for which the card production request must be generated. Available options are PIV, PIV-I, and CIV identities. Select the + icon to add additional identity types.
    4. File: Upload the enrollment data file in .XML format to facilitate the exchange of enrollment data for the selected identity. For each identity type, you must upload this XML file. This is a common XML-based data representation of a chain-of-trust record that includes the Card Production Request (CPR).
    5. Select Next. The next step is to configure the card issuance policy details.
  7. Under the Policies tab, provide the following information:
    1. Policy Name: This field lists all the policies configured on the HID CMS for issuing identities. From the drop-down list, select the policy to apply to users.
    2. Description: Provide a brief description regarding the selected policy.
    3. Select Save to save the configuration details.

You have successfully integrated the HID CMS. To verify the availability of the configured CMS, navigate to Configuration > Workflows on the Unifyia platform. Select + Create Workflow. A confirmation pop-up will appear, asking whether the workflow should be created for an integrated external CMS. This prompt confirms that the external CMS has been successfully configured.