When a digital ID card is expiring, then it can be renewed in PRIME Smart ID Self-Service.
Standard workflow
| Actor | Action | Option | Physical ID | Digital ID | |
|---|---|---|---|---|---|
| 1PRIME | Identity Manager | On a configurable interval, PRIME Identity Manager runs the Expiry check, which finds all card certificates that will expire within the coming period. For each affected user, the steps below are done. | Automatically requests to renew all cards that belong to active AD users. | - | |
| 2 | Self-service user | Receives an email with instructions. Puts the card in the card reader. Logs in to PRIME Smart ID Self-Service and chooses Renew card. | - | - | |
| 3PRIME | Identity Manager | Removes expired authentication and signing certificates from the card. Keeps and reuses old encryption certificates. | - | - | |
| 4 | CA | Issues a set of new certificates, as needed. The certificates are stored in PRIME in Identity Manager and on the smart card. | - | - |
Expiry check:
PRIME Smart ID Self-Service renewal:
Technical references
...