IDM 5.0.1 - Requirements and interoperability

This article provides installation requirements and interoperability data for Smart ID Identity Manager. 

Recommendations

Deployment and sizing considerations

Read the information under header "Deployment and sizing considerations" in Smart ID deployment recommendations.

Database recommendations

Read the information under header "Database recommendations" in Smart ID deployment recommendations.

Requirements

Databases

This section includes updates for Identity Manager 5.0.1.

The following databases are supported:

  • SQL Server 2016

  • SQL Server 2017

  • SQL Server 2019

  • Azure SQL

  • Oracle Database 12c

  • Oracle Database 19c

  • PostgreSQL 11

  • PostgreSQL 12

  • PostgreSQL 14

  • PostgreSQL 15

  • PostgreSQL 16

For SQL Server and Azure SQL, see also the transaction isolation level requirements in "Set transaction isolation level for MS SQL when used with Identity Manager".

Client: Web browsers

All Identity Manager clients are executed in up-to-date HTML5 web browsers such as:

  • Mozilla Firefox

  • Google Chrome

  • Safari

  • Microsoft Edge (Chromium)

Identity Manager releases are always tested with the latest browser versions.

JasperReports

The following version of JasperReports is supported:

  • Templates in JasperReports format (.jrxml) version 6.5.1 are supported

Capture or production client: Software

The following requirements apply for a workstation that is to be used as a capture client or production client: 

For PKI cryptochip encoding the following is also required:

  • A PKCS#11 compliant smart card middleware.

    • For a list of supported smart card middleware, see heading "Supported smart cards and middleware in Identity Manager".

  • OpenJDK or Oracle Java

    • Version 11 (64-bit), tested on OpenJDK 11.0.6+10

    • Architecture: 32-bit (for any smart card middleware) or 64-bit (for any smart card middleware except Nexus Personal)

  • The smart card middleware and client-side Java must have the same OS architecture, either 32-bit or 64-bit, since Identity Manager's encoding component connects from the client-side Java to the middleware.

PKI encoding via Self-Service: Software

The following requirements apply for the use of PKI cryptochip encoding features on Identity Manager Self-Service clients:

Identity Manager war files deployment installation

The following requirements apply for Identity Manager war files deployment installations:

  • Tomcat 8/9

  • Java 11

Interoperability

Data connectors

Identity Manager allows synchronization of data with external systems for many different use cases, for example card data, employee data from corporate directories, and entitlements from physical access control systems. Import and export of data can be done for various formats, for example LDAP, JDBC, CSV and SCIM. 

Corporate directories

Identity Manager supports connection to directories compliant with the following standard: 

  • LDAP v3

Microsoft Active Directory is a typical example of a supported directory.

For more information, see Integrate Identity Manager with Microsoft services.

JDBC databases

Identity Manager supports connection to databases based on Java database connectivity (JDBC).

The databases are the same as under heading Requirements > Databases.

The SQL Server and Azure SQL databases only support case-insensitive queries (which is the default option).

Certificate authorities

This section includes updates for Smart ID 23.04.

The following certificate authority (CA) products and services are supported:

For more information, see Integrate Identity Manager with certificate authority (CA). 

Other CAs can be integrated on demand.

Physical access control systems (PACS)

This section includes updates for Smart ID 23.04.2.

This article describes which physical access control systems (PACS) are supported by Smart ID Identity Manager via the Smart ID Physical Access component.

For some PACS systems you need an additional license to do this integration. Contact your PACS vendor for more information.

The following physical access systems (PACS) are supported by Identity Manager:

| Vendor | System | Supported versions | Comment |
|---|---|---|---|
| ASSA | Arx | 4.7 | |
| Siemens | Bewator 2010 Omnis | 6.2 | |
| Bravida | Integra | 7.3, 8.1 | From version over 7.41 extended license is required. |
| Evva Salto | SALTO ProAccess | 12.2 | |
| Evva Salto | SALTO ProAccess SPACE | 6.4 | |
| dormakaba | KABA Exos 9300 | 4.2.0 | |
| Interflex Datensysteme GmbH (Allegion Group) | Interflex IF-6040 | 12.1.1 | |
| Pacom | Unison | 5.8.6 | |
| RCO | RCARD M5 | 5.49 | |
| RCO | RCARD M5 Admin API | 5.49 | |
| Security Shells | iSecure (for integration with HID controllers) | 2.4 | |
| Siemens | SiPass Integrated | 2.76 | |
| Siemens | SiPort | MP 3.1.3 | |
| Unitek | Unilock | 2.0 | |
| Lenel | OnGuard | 6.6 | Limited support (IDC) |
| Stanley | Stanley Security Manager (SSM) | 8.0, 8.1 | Limited support (IDC) |
| Stanley | Niscayah Integration Manager (NIM3) | 3.40 | Limited support (IDC) |

Set up integrations

For more information, see Integrate Identity Manager with physical access control system (PACS). 

There is also a PACS demo service included in the Physical Access component that can be used to simulate PACS integration. 

Mobile device management (MDM)

The following mobile device management (MDM) product is supported in Identity Manager:

  • MobileIron 10.4 - 10.7

Other MDM systems can be integrated on demand.

Digital identities

Smart cards and middleware in Identity Manager

Supported smart cards depend on the smart card middleware. Smart card middleware is not part of Identity Manager.

Identity Manager connects to a smart card via the PKCS#11 library provided by the middleware. For a list of supported cryptochips and smart cards, see the corresponding technical specification of the middleware.

CardOS 4.4 and CardOS 5.0 are Nexus' reference cards for testing. Other cards listed in the middleware specification also normally work, but must be tested individually for the specific requirement.

The following smart card middleware products are supported: 

| Vendor or product | Version | Reference card |
|---|---|---|
| Nexus Personal Desktop Client | 5.8 / 5.11 (1) | CardOS 5.0; CardOS 5.3; CardOS 6.0DI (Personal Client version 5.10 onwards) |
| AET SafeSign | 3.0.93 | CardOS 4.4; Neowave Weneo |
| Atos CardOS API | 5.4 (2) / 5.5.1 (2b) | CardOS 5.0; CardOS 5.3 |
| Charismathics CSSI | 5.4 | CardOS 5.0; TPM |
| Cryptovision cv act sc/interface | 8.0.16 | CardOS 5.0; CardOS 5.3 |
| Gemalto IDGo800 Pkcs#11 Library | 1.2.4 | IDPrime MD830 |
| Morpho Ypsid | 7.0.1 | Ypsid S3 |
| Oberthur AWP | 5.1.1 | V 7.0.1 |
| Thales Safenet Authentication Client (3) | 10.7 / 10.8R2 | IDPrime MD830; IDPrime MD840; IDPrime MD940 (4) |
| T-Systems TCOS3 NetKey | 1.8.3.1 (5) | TeleSec Signature Card V2.0; TeleSec IDKey 1.0 |
| Deutsche Telekom TCOS NetKey | 1.12.4.0 (6) | TCOS 4.0 NetKey; TeleSec Signature Card V2.0; TeleSec IDKey 1.0 |
| Idopte (7) | 6.23.0.25 (8) | JCOP 3 (P60) with one specific custom profile; JCOP 4.5 (P71) with common IN Groupe profile (9) |

(1) 5.11 or later recommended for full 64-bit support (a 32-bit JVM is no longer needed for PKI Card production through Card SDK).

(2) 5.4W14 or later is required for certain features.

(2b) Versions before 5.5.1 have known issues with elliptic curve support.

(3) Supersedes Gemalto IDGo800 (contains IDPrimePKCS11.dll as optionally installable component in addition to eToken.dll).

(4) Signature slot support on MD940 requires use of IDPrimePKCS11.dll (optionally installable component) instead of eToken.dll.

(5) 1.8.3.1 is the minimum compatible version. Nexus recommends 1.8.3.2 or Deutsche Telekom TCOS NetKey 1.12.4.0 / 1.13.5.0.

(6) Requires Identity Manager 22.10 and above, supersedes T-Systems TCOS3 NetKey. Nexus recommends 1.12.4.0 or 1.13.5.0. DLL names may vary between versions.

(7) May use different branding (for example "IN Groupe").

(8) Later versions are recommended due to a known issue concerning PIN input length on PIN pad readers.

(9) JCOP 4.5 cards with Chipdoc applet versions before 4.1.1 are not supported on some PIN pad readers (e.g. Xiring/Ingenico Leo) due to missing support for chained APDUs in the card firmware.

YubiKeys

Identity Manager supports certificate enrollment to Yubico YubiKey 5 PIV tokens via Smart ID Desktop App. 

FIDO2 tokens on YubiKey are not supported. 

Virtual smart cards

Virtual smart cards are supported with Smart ID Desktop App.

For more information, see Set up virtual smart card management in Identity Manager. 

Language support

The following languages are supported: 

  • English

  • French

  • German

  • Swedish

Additional information

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.