This article provides detailed information about the Nexus Smart ID solution Physical ID

For an overview of connected systems and managing roles, see Smart ID manager overview

For information on the standard card layouts and technology, see Physical ID Card layouts and technology

...


Configuration files

Configuration file | Corresponding use cases
Smart_ID_Base_<date>.zip | Identity management
Smart_ID_Physical_ID_<date>.zip | Card management - Physical ID
Smart_ID_Physical_ID_VisitorManagement_<date>.zip | Visitor management


Features

Branding

Basic branding is included in the Physical ID module, by displaying the customer logotype in Identity Manager and Smart ID Self-Service.


Email templates

Nexus provides basic templates for the email notifications included in the common use cases, for example when a card has been activated or is about to expire.

During the implementation project, Nexus consultants or partners adapt the email templates for the customer needs. When the Physical ID module is up and running, email templates can be updated by Identity Manager administrators.

For more information, see Set up email template in Identity Manager.

The following email templates are included: 

  • Activate employee card
  • Deactivate employee card
  • Employee card expires
  • Employee card has been locked
  • Produce employee card
  • Send certificate reminder
  • Send P12 to employee


Reports

The following standard reports are included in the Smart ID solution: 

  • All employee cards
  • All external cards
  • All system users with connected roles
  • Locked cards with reason for locking
  • All active Personal Mobile users
  • All users that have Personal Mobile enabled but have not yet activated it

The reports are created using searches in Identity Manager.


Language support

Supported languages are listed in

...

Nexus User Self-Service Portal

As part of the Smart ID solution, the customer can choose to include the PRIME User Self-Service Portal (USSP). The available self-service tasks in the USSP can help minimize administrative work.

The following self-service tasks are available in the User Self-Service Portal:

  • Activate Personal Mobile
  • Lock card
  • Change PKI PIN
  • Change PACS PIN
  • Renew card
  • Request replacement card
  • Unblock PIN
  • Upload photo

Installation requirements

Installation requirements on server

The following installation requirements apply to the server in the Smart ID solution:

  • Windows Server 2012 or later with 2 CPUs, 12 GB RAM and 20 GB HD (extra disk) for the application and logs.
  • SQL Server 2014 or later installed with TCP port 1433 enabled. The Standard edition is recommended. The Express edition is also supported but has limited storage capacity. For more information, see https://www.microsoft.com/en-sa/sql-server/sql-server-2017-editions.

  • SQL Management Studio installed
  • IIS Role installed on the server
  • Ports 443, 8443 and 8080 opened in the local firewall on the server
  • The above ports opened from the admin client, card production client and end-user client (these can also be the same computer)
  • Port 389/636 opened from PRIME server to a domain controller
  • To enable PACS integration, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar).  

Requirements on Active Directory setup:

  • A service account in AD that is a Domain User
  • Active Directory Tools installed on the PRIME server
  • The OU where PRIME shall get all needed users (for example, OU=Employee, DC=example, DC=com).
  • PACS-specific user service account for PACS connector communication.

Requirements for ADCS setup:

  • All the CA certificates that are needed, available as files on the PRIME server (for example, ca1.cer, ca2.crt).
  • Two certificate templates for smart cards created in ADCS, one for Smart Card Authentication and one for Digital Signature. We create these together with the customer.
  • An SSL certificate with both certificate and key (pfx, p12) for PRIME saved on the PRIME server, with Common Name and SAN name like prime.shb.se or similar.
  • An SSL certificate with both certificate and key (pfx, p12) for the PRIME ADCS Connector saved on the PRIME server, with Common Name and SAN name like primeinternal.shb.se or similar. This is only going to be used internally on the PRIME server.
  • A certificate with both certificate and key (pfx, p12) for PRIME to use when authenticating from PRIME to the ADCS Connector. The certificate must have Client Authentication as Extended Key Usage.
  • RSASSA-PSS must not be used as the signature algorithm. This can be verified by checking the signature algorithm in the certificate. SHA256 is the preferred signature algorithm, and SHA1 is also supported.
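
The signature algorithm and Extended Key Usage requirements above can be checked with a short script before the certificates are installed. This is an added example, not Nexus code: Test-SmartIdCertificate is a hypothetical helper, prime.example.com is a placeholder name, the two certificates are constructed in memory as sample input, and PowerShell 7 (or .NET Framework 4.7.2 or later) is assumed.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

$OidRsaPss     = '1.2.840.113549.1.1.10'  # id-RSASSA-PSS, not accepted per the requirement above
$OidClientAuth = '1.3.6.1.5.5.7.3.2'      # Client Authentication EKU

# Hypothetical helper (not a Nexus or Microsoft cmdlet): reports requirement violations.
function Test-SmartIdCertificate {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [switch] $RequireClientAuth,  # certificate PRIME uses towards the ADCS Connector
        [switch] $RequirePrivateKey   # certificates delivered as pfx/p12
    )
    $problems = @()
    if ($Certificate.SignatureAlgorithm.Value -eq $OidRsaPss) {
        $problems += 'signature algorithm is RSASSA-PSS'
    }
    if ($RequirePrivateKey -and -not $Certificate.HasPrivateKey) {
        $problems += 'no private key'
    }
    if ($RequireClientAuth) {
        $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
        if (-not $eku -or $eku.EnhancedKeyUsages.Value -notcontains $OidClientAuth) {
            $problems += 'Client Authentication EKU missing'
        }
    }
    [pscustomobject]@{
        Subject      = $Certificate.Subject
        SignatureOid = $Certificate.SignatureAlgorithm.Value
        Passed       = ($problems.Count -eq 0)
        Problems     = $problems -join '; '
    }
}

# Constructed sample input: two throwaway self-signed certificates built in memory,
# identical except for the signature padding. prime.example.com is a placeholder name.
$rsa = [RSA]::Create(2048)
$now = [DateTimeOffset]::UtcNow
$ekuOids = [OidCollection]::new()
[void]$ekuOids.Add([Oid]::new($OidClientAuth))
foreach ($padding in [RSASignaturePadding]::Pkcs1, [RSASignaturePadding]::Pss) {
    $req = [CertificateRequest]::new('CN=prime.example.com', $rsa, [HashAlgorithmName]::SHA256, $padding)
    $req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($ekuOids, $false))
    $cert = $req.CreateSelfSigned($now, $now.AddDays(1))
    Test-SmartIdCertificate -Certificate $cert -RequireClientAuth -RequirePrivateKey
}
```

The PKCS#1 v1.5 certificate passes and the PSS one is reported as failing. To check a certificate on disk, pass the object returned by Get-PfxCertificate -FilePath <file> as -Certificate.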

Installation requirements on client

The following installation requirements apply to the client in the Smart ID solution: 

  • Java 8 121 32-bit or later installed on the admin client, card production client and end-user client.

IDM 23.10.3 - Requirements and interoperability.

Workflow options

Additional workflows

Additional workflows that are included in the price for the Smart ID solution:

  • PACS-adapted workflows, depending on what PACS system is used
  • More workflows for handling photos, for example upload the photo to AD
  • Workflows to manage additional certificates on card for IT administrators
  • Workflows to register and issue local SITHS cards (Swedish: tjänstekort)
  • Smart ID Self-Service workflows, see separate section above
  • Export card number to AD for using other applications, such as canteen, follow-me print, library
  • Signature pad workflows. The workflows are included in the solution, but the signature pad is an add-on.

These additional workflows must be specified during the implementation project, and will be implemented by Nexus consultants or partners.


Options in standard workflows

These choices are available in the standard workflows:

  • PIN letter or email for distributing PIN codes
  • Approval step in card production or not
  • Self-service tasks available for users, if Smart ID Self-Service is used
  • Manual or automatic workflow to inactivate or reactivate persons
  • Automatically activate and deactivate cards for activated and inactivated persons
  • Automatically produce cards for new employees
  • Automatically renew cards for active persons
  • Let person sign on a signature pad when picking up a card, if the signature pad add-on is used.

These options must be specified during the implementation project, and will be implemented by Nexus consultants or partners.

...

Nexus Service Station workflows

Optionally, Nexus Service Station can be used to collect employee photos. There are standard workflows for that purpose, that are included in the solution.
