This article provides detailed information about the Nexus Smart ID solution Physical ID.
For an overview of connected systems and managing roles, see Smart ID manager overview.
For information on the standard card layouts and technology, see Physical ID Card layouts and technology.
Configuration files
Features
Basic branding is included in the Physical ID module, by displaying the customer logotype in Identity Manager and Smart ID Self-Service.
Nexus provides basic templates for the email notifications included in the common use cases, for example when a card has been activated or is about to expire. During the implementation project, Nexus consultants or partners adapt the email templates to the customer's needs. When the Physical ID module is up and running, email templates can be updated by Identity Manager administrators. For more information, see Set up email template in Identity Manager.
The following email templates are included:
- Activate employee card
- Deactivate employee card
- Employee card expires
- Employee card has been locked
- Produce employee card
- Send certificate reminder
- Send P12 to employee
The following standard reports are included in the Smart ID solution:
- All employee cards
- All external cards
- All system users with connected roles
- Locked cards with reason for locking
- All active Personal Mobile users
- All users that have Personal Mobile enabled but have not yet activated it
The reports are created using searches in
Supported languages are listed in
Nexus User Self-Service Portal
As part of the Smart ID solution, the customer can choose to include the PRIME User Self-Service Portal (USSP). The self-service tasks available in the USSP can help minimize administrative work.
The following self-service tasks are available in the User Self-Service Portal:
- Activate Personal Mobile
- Lock card
- Change PKI PIN
- Change PACS PIN
- Renew card
- Request replacement card
- Unblock PIN
- Upload photo
Installation requirements
Installation requirements on server
The following installation requirements apply to the server in the Smart ID solution:
Requirements on Active Directory setup:
- A service account in AD that is a Domain User.
- Active Directory Tools installed on the PRIME server.
- The OU where PRIME shall get all needed users (for example, OU=Employee, DC=example, DC=com).
- A PACS-specific user service account for PACS connector communication.
Requirements for ADCS setup:
- All the CA certificates that are needed, on file on the PRIME server (for example, ca1.cer, ca2.crt).
- Two certificate templates for smart cards, one for Smart Card Authentication and one for Digital signature, are going to be created in ADCS. We do this together with the customer.
- An SSL certificate with both certificate and key (pfx, p12) for PRIME, saved on the PRIME server, with Common Name and SAN name like prime.shb.se or similar.
- An SSL certificate with both certificate and key (pfx, p12) for the PRIME ADCS Connector, saved on the PRIME server, with Common Name and SAN name like primeinternal.shb.se or similar. This is only going to be used internally on the PRIME server.
- A certificate with both certificate and key (pfx, p12) for PRIME to use when authenticating from PRIME to the ADCS Connector. The certificate needs to have Client Authentication as Extended Key Usage.
- RSASSA-PSS must not be used as the signature algorithm. This can be verified in a certificate by checking the signature algorithm. SHA256 is the preferred signature algorithm, and SHA1 is also supported.
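The signature algorithm and Extended Key Usage requirements above can be checked before installation. The following PowerShell is an added example, not part of the Nexus documentation or product: the function names and the in-memory sample certificates are constructed for illustration, and it assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

$PssOid        = '1.2.840.113549.1.1.10'   # id-RSASSA-PSS: must not be used
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'       # Client Authentication EKU

# Hypothetical helper (not a Nexus cmdlet): report requirement violations for one certificate.
function Test-CertificateRequirement {
    param([Parameter(Mandatory)] [X509Certificate2] $Certificate, [switch] $RequireClientAuth)
    $sigOid = $Certificate.SignatureAlgorithm.Value
    # Collect every OID listed in the Extended Key Usage extension, if present.
    $ekus = @()
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekus += $oid.Value }
        }
    }
    $problems = @()
    if ($sigOid -eq $PssOid) { $problems += 'signature algorithm is RSASSA-PSS' }
    if ($RequireClientAuth -and $ekus -notcontains $ClientAuthOid) {
        $problems += 'Client Authentication EKU is missing'
    }
    [pscustomobject]@{
        Subject      = $Certificate.Subject
        SignatureOid = $sigOid
        Algorithm    = $Certificate.SignatureAlgorithm.FriendlyName
        Problems     = $problems -join '; '
        Ok           = ($problems.Count -eq 0)
    }
}

# Constructed sample input: self-signed certificates built in memory, no store is touched.
function New-ConstructedCertificate {
    param([RSASignaturePadding] $Padding, [switch] $ClientAuth)
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new('CN=constructed.example', $rsa,
                                     [HashAlgorithmName]::SHA256, $Padding)
    if ($ClientAuth) {
        $oids = [OidCollection]::new()
        [void] $oids.Add([Oid]::new($ClientAuthOid))
        $req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
    }
    $now = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(1))
}

# Sample 1: PKCS#1 v1.5 (sha256RSA) signature with Client Authentication EKU.
# Sample 2: RSASSA-PSS signature without any EKU extension.
$pkcs1 = New-ConstructedCertificate -Padding ([RSASignaturePadding]::Pkcs1) -ClientAuth
$pss   = New-ConstructedCertificate -Padding ([RSASignaturePadding]::Pss)
Test-CertificateRequirement -Certificate $pkcs1 -RequireClientAuth
Test-CertificateRequirement -Certificate $pss   -RequireClientAuth
```

For a certificate on disk, load the .cer or .crt file into an X509Certificate2 object and pass it to the same function.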
Installation requirements on client
The following installation requirements apply to the client in the Smart ID solution:
- Java 8 121 32 bit or later installed on Admin Client, Card Production client and end user client.
Workflow options
Additional workflows
Additional workflows that are included in the price for the Smart ID solution:
- PACS-adapted workflows, depending on what PACS system is used
- More workflows for handling photos, for example upload the photo to AD
- Workflows to manage additional certificates on card for IT administrators
- Workflows to register and issue local SITHS cards (Swedish: tjänstekort)
These additional workflows must be specified during the implementation project, and will be implemented by Nexus consultants or partners.
Options in standard workflows
These choices are available in the standard workflows:
- PIN letter or email for distributing PIN codes
- Approval step in card production or not
- Self-service tasks available for users, if
These options must be specified during the implementation project, and will be implemented by Nexus consultants or partners.
Nexus Service Station workflows
Optionally, Nexus Service Station can be used to collect employee photos. Standard workflows for that purpose are included in the solution.