Add a smart credential

You enroll smart credentials for users.

Important: Ensure that you have completed the prerequisites before enrolling a smart credential. These include:

Step 1: Configure certificate authorities
Step 2: Configure smart credential definitions
Optional: Export a certificate trust chain if your users want to use their smart credential for Windows Smart Card logon.
- See Export an Entrust Managed PKI CA trust chain or Export a Microsoft CA trust chain.
- Create and auto-populate UPN values for users to use a smart card for Windows Smart Card logon.

Note: The digital IDs for a Smart Credential definition should all come from the same certificate authority.

Add a smart credential

1.      Click > Members > Users. The Users List page appears.

2.      Click the User ID for the user.

3.      Click the Authenticators tab. The Authenticators page appears.

4.      Click . A drop-down list of authenticators appears.

5.      Select Smart Credential. The Smart Credential dialog box appears.

6.      Select the smart credential definition containing the PIV data model and enrollment variables you want the smart credential to contain. You set these in Configure smart credential definitions.

7.      Click Add. The smart credential appears in the user's list of authenticators.

Note: A smart credential in the Enrolling state indicates that one or more of the attributes required for the smart credential are not set. For example, if the last name user attribute is not set but is a required smart credential definition variable, the smart credential remains in the Enrolling state. In this example, you must edit the user profile and provide a value for the last name attribute. For more information, see Add users to Identity as a Service and Edit smart credential settings.

8.      After enrolling the smart credential, you must activate it. To activate the smart credential, on the user's Authenticators page, do the following:

a.      Click  to the right of the smart credential that you want to activate. A drop-down list appears.

b.      If the user has an email address, do the following:

  Click Activate. The Activate Smart Credential dialog box appears.

  Select the type of Smart Credential to activate: Mobile Smart Credential or Physical Smart Credential.

  Click Activate. Identity as a Service sends the user an email with a QR code and further instructions.

c.       If the user does not have an email address, the user must activate the smart credential from the User Portal. See the Identity as a Service User Online Help for more information.

Note: Click and select Re-Activate from the drop-down list to send another email to your email address if the first email was not received or the token was not activated before the activation expiry.