Create configuration
- Click Administration in the top menu to open the Administration window.
- Under Tasks, click Manage, and then select the function.
Available tasks
All new configurations are created from Manage by selecting the specific configuration you wish to create. The available functions are:
Function | Description |
---|---|
Acquis – Create | Create a new acquis for officers to be used with a certificate template. |
Bootstrap | Use the bootstrap feature to start the configuration of a new installation to make initial configurations and to remove start-up tokens and configurations. |
Certificate Authority - Create | Create a new Certificate Authority for logging only and/or for issuing of certificates |
Certificate template - Create | Create a new certificate template with correlation to a certificate template in the CA with specific modifications |
Configuration order - Create | Create an order of a configuration change that is sent to a central administrator for implementation. |
Configurations - Export | Export the configuration in GZ format. |
Directory service - Create | Create a new directory service connector to your Active Directory or other directory service for user synchronization |
E-mail service - Create | Create a new e-mail service for information that will be sent to end users or administrators |
License - Export | Under Development, not used in this version |
License - Generate | Under Development, not used in this version |
License – Generate client license | Under Development, not used in this version |
License – Import | Under Development, not used in this version |
License - Upload | Under Development, not used in this version |
National register - Create | Create a new connector to a national service, for example the Navet service, with information regarding citizens |
Office - Create | Create a new office for current organization |
Office address - Create | Create a new office address for correlation with office name |
Organization - Create | Create a new organization. |
Report - Create | Create a new report that will be shown in the reports tab |
Role - Create | Create a new user role for correlation with a user group |
SMS service - Create | Create a new SMS service for information that will be sent to end users or administrators |
Token manufacturer - Create | Create a new token manufacturer to be able to send and receive information for external card production |
Token profile - Create | Create a new token profile, for example a new type of smart card or USB token |
Token template - Create | Create a new token template such as smart card, USB token or soft token with specific modifications |
User group - Create | Create a new user group for correlation with user role |
Whitelist – Create rule | Create a new rule in a whitelist for a specific certificate template for function certificates. |
Acquis — Create
An acquis is used to force officers to accept the processes regarding the management of a specific certificate. The officer must approve the acquis to be able to issue a certificate via the specific certificate template, or a token that uses the certificate template.
Information | Description |
---|---|
Certificate template | Certificate template that the acquis will be submitted for |
Validity period | Validity period of the acquis |
Acquis | Acquis text; PDF or text |
Bootstrap
The bootstrap feature will only be used when installing a new NiP system and will be described under section 6 First time set-up in a future version of the document.
Certificate Authority — Create
Create a new Certificate Authority for logging only and/or for issuing of certificates.
The configuration fields available are listed in the table below; mandatory fields are marked with an asterisk (*):
Information | Description |
---|---|
Name* | Name of the CA server service |
Server* | DNS name or IP of the CA server |
CA service* | Manufacturer of CA service |
Enrollment type* | Type of the CA service |
KeyID | KeyID from the CA certificate that will be used for logging on to the service. Only necessary if the certificates issued by this CA should be used for logging on to NiP. |
SignatureCertificateHash | Certificate thumbprint used for CMC enrollment against MSCA. |
OCSP | Static URL for revocation control via OCSP |
CRL | Static URL for revocation control via CRL |
Credential domain name | Domain for impersonated account when connecting to external CA. |
Credential user name | User name for impersonated account when connecting to external CA. |
Credential password | Password for impersonated account when connecting to external CA. |
Certificate | Certificate for the CA service (Base64 encoded) |
Additional info | Custom CA parameters for NiP, XML formatted. See Additional info |
Certificate template — Create
Create a new certificate template with correlation to a certificate template in the CA, with your specific modifications.
The configuration fields available are listed in the table below; mandatory fields are marked with an asterisk (*):
Information | Description |
---|---|
Certificate Authority* | Name of the certificate authority the certificate template will use to issue certificates. |
Name* | Name of the certificate template |
Description | Detailed description of the certificate template |
Type* | Type: Additional, Client, Server |
Configuration visible | Possible to show or hide the certificate template in the Officer’s GUI |
CA Service: Certificate template name* | Name of the certificate template in the Certificate Authority |
CA Service: Certificate profile name | Certificate profile name (EJBCA CA Only) |
CA Service: End entity name | End entity name (EJBCA CA Only) |
Validity key* | Validity of certificate: Days, Hours, Minutes, Months, Seconds, Weeks, Years |
Validity value* | The value of the validity in relation to "Validity key" chosen |
Asymmetric key algorithm* | Key algorithm: DSA, ECDH, ECDSA, RSA |
Hash algorithm* | Hash algorithm: SHA1, SHA256, SHA384, SHA512 |
Key parameter* | Key parameter: Default ‘0x800’ |
Key usage* | Key usage, should be inserted as hex code; example ‘0xA0’ for Identification |
Extended key usage | Extended key usage |
SubjectName: Common name (CN)* | SubjectName Common name |
SubjectName: Given name (GN) | SubjectName Given name |
SubjectName: Surname (SN) | SubjectName Surname |
SubjectName: Organizational Unit name (OU) | SubjectName Organizational Unit |
SubjectName: Organization name (O) | SubjectName Organization name |
SubjectName: Serial number | SubjectName Serial number |
SubjectName: Email address (E) | SubjectName Email address |
SubjectName: Title | SubjectName Title |
SubjectName: Locality (L) | SubjectName Locality |
SubjectName: State/Province (ST) | SubjectName State/Province |
SubjectName: Initials | SubjectName Initials |
SubjectName: Street address | SubjectName Street address |
SubjectName: Country (C) | SubjectName Country |
SubjectName: Unstructured name | SubjectName Unstructured name |
SubjectName: Unstructured address | SubjectName Unstructured address |
SubjectAltName other name: msUPN (UserPrincipalName) | SubjectAltName other name user principal name (UPN) |
SubjectAltName: Email address (rfc822Name) | SubjectAltName Email address according to RFC822 |
SubjectAltName: DNS (dNSName) | SubjectAltName DNS |
SubjectAltName: Directory name | SubjectAltName Directory name |
SubjectAltName: URI: URL (uniformResourceIdentifier: url) | SubjectAltName URI |
SubjectAltName: IP address | SubjectAltName IP address |
SubjectAltName other name: GUID | SubjectAltName other name GUID |
SubjectAltName other Name: Object identifier (OID) | SubjectAltName other Name Object identifier (OID) |
SEIS kortserienummer | SEIS smart card serial number |
QC Statements: QcCompliance | QcCompliance Statements |
QC Statements: QcEuLimitValue – Amount | QcEuLimitValue |
QC Statements: QcEuLimitValue - Iso4217CurrencyCode | QcEuLimitValue ISO 4217 Currency code |
QC Statements: QcSSCD | QcSSCD Statements |
Additional Info | Custom Certificate Template parameters for NiP, XML formatted. See Additional info |
Additional task info | Custom Certificate Template parameters for NiP, XML formatted |
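The hex-coded Key usage and Key parameter fields are easy to mistype, so it helps to decode them and review the result before a template is saved. The following Python code is an added example, not Net iD Portal code; it assumes that Key usage follows the first-octet bit layout of the X.509 KeyUsage extension (consistent with the example 0xA0 above) and that Key parameter is the RSA key length in bits, and the dictionary shape and function names are hypothetical.

```python
# Added example (not product code): review certificate-template values before saving.
# Assumptions: "Key usage" uses the first-octet bit layout of the X.509 KeyUsage
# extension, and "Key parameter" is the RSA key length in bits (0x800 = 2048).

KEY_USAGE_BITS = {
    0x80: "digitalSignature",
    0x40: "nonRepudiation",
    0x20: "keyEncipherment",
    0x10: "dataEncipherment",
    0x08: "keyAgreement",
    0x04: "keyCertSign",
    0x02: "cRLSign",
    0x01: "encipherOnly",
}


def parse_hex(value, upper):
    """Parse a field such as '0xA0'; reject non-hex text and out-of-range values."""
    text = value.strip()
    if not text.lower().startswith("0x"):
        raise ValueError(f"expected a hex code such as 0xA0, got {value!r}")
    number = int(text, 16)
    if not 0 < number <= upper:
        raise ValueError(f"{value!r} is outside 0x1..{upper:#x}")
    return number


def decode_key_usage(value):
    """Return the KeyUsage names set in a hex code, most significant bit first."""
    number = parse_hex(value, 0xFF)
    return [name for bit, name in KEY_USAGE_BITS.items() if number & bit]


def encode_key_usage(names):
    """Build the hex code for a list of KeyUsage names."""
    lookup = {name: bit for bit, name in KEY_USAGE_BITS.items()}
    number = 0
    for name in names:
        number |= lookup[name]  # KeyError on an unknown usage name
    return f"0x{number:02X}"


def review_template(template):
    """Return findings for a template given as {field name: value} (hypothetical shape)."""
    findings = []
    usages = decode_key_usage(template["Key usage"])
    ca_bits = [u for u in usages if u in ("keyCertSign", "cRLSign")]
    if ca_bits:
        # Template types on the page are Additional, Client and Server, none of them a CA.
        findings.append("CA-only key usage in an end-entity template: " + ", ".join(ca_bits))
    if "encipherOnly" in usages and "keyAgreement" not in usages:
        # RFC 5280: encipherOnly is undefined when keyAgreement is not set.
        findings.append("encipherOnly set without keyAgreement")
    if template["Hash algorithm"].upper() == "SHA1":
        findings.append("SHA1 is deprecated for certificate signatures")
    if template["Asymmetric key algorithm"].upper() == "RSA":
        bits = parse_hex(template["Key parameter"], 0x10000)
        if bits < 2048:
            findings.append(f"RSA key length {bits} bits is below 2048")
    return findings


# Constructed sample templates (not taken from a real installation).
WEAK = {
    "Key usage": "0x86",
    "Hash algorithm": "SHA1",
    "Asymmetric key algorithm": "RSA",
    "Key parameter": "0x400",
}
CORRECTED = {
    "Key usage": "0xA0",
    "Hash algorithm": "SHA256",
    "Asymmetric key algorithm": "RSA",
    "Key parameter": "0x800",
}

if __name__ == "__main__":
    print(decode_key_usage("0xA0"))
    for label, template in (("weak", WEAK), ("corrected", CORRECTED)):
        print(label, review_template(template))
```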
Configuration order — Create
Not included by default; needs to be configured to be used.
Create a configuration order related to a whitelist rule or other configuration related to a certificate template.
A user with the ConfigurationOrder privilege can make a configuration request and send it to a central administrator.
Choose the certificate template that the request concerns and write information regarding what you would like to add or change.
Configurations — Export
Creates a gzip (.gz) file with exported configuration information.
This file contains no sensitive information and support staff at Pointsharp may ask for a configuration export to be done during support cases.
Directory service — Create
Create new directory service connector to your Active Directory for user synchronization
The configuration fields available are listed in the table below:
Information | Description |
---|---|
Type | MSAD, MSADFS, MSADLDS |
Server | Name or IP of the AD server or other directory server |
Credential user name | Possibility to impersonate user account when connecting to directory services |
Credential password | Password for impersonated user account against directory services. |
E-mail service — Create
Create new e-mail service for information to be sent to end users or administrators.
The configuration fields available are listed in the table below; mandatory fields are marked with an asterisk (*):
Information | Description |
---|---|
Name* | Name of the template |
Server* | Name or IP of the e-mail server |
Port | Port to be used |
RequireSsl* | Should SSL be used, False or True |
Address* | Sender address, example: ‘netidportal@company.com’ |
Display name* | Display name of the sender, example: ‘Net iD Portal Info’ |
Subject* | Subject in the e-mail |
Credential user name | Username to the e-mail server |
Credential password | Password to the e-mail server |
Generic text — Create
Create a generic text for a specific functionality. The text resource is shared across all organizations. It is either a notification (sent through e-mail or SMS), Terms for a Token/End Entity or a Receipt (HTML formatted).
Information | Description |
---|---|
Text type | Specify the type of text resource (e.g. Notification, Receipt, Terms) |
Notification service | If the text type is a Notification select “SMTP” or “SMS” as notification service, otherwise select “Application”. |
Task type | If applicable, select the appropriate task type. |
Text | The actual text to be displayed or sent. |
National register — Create
Create a new connector to databases with information regarding citizens, for example Navet and SPAR.
Information | Description |
---|---|
Type | Specify what type of National service (HSA, RIV, Navet, SPAR) |
Name | Name of the service |
Service | URL to the service |
Certificate Hash | Thumbprint of certificate that will be used to get access to the service |
Customer ID | Customer ID |
Order ID | Order ID |
HSA-id | HSA-id |
HSA Search Base Users | HSA Search Base for users |
HSA Search Base EndEntity | HSA Search Base for functions |
Priority | On/Off. Configuration to decide whether a connection to the HSA service is an “absolute connection” or not (only when a connection to IneraHSA service is used) |
Office — Create
Create new office for current organization.
The configuration fields available are listed in the table below:
Information | Description |
---|---|
Name | Name of the office |
Additional Info | Custom Office settings for NiP, XML formatted. See document “Net iD Portal – XML configurations, examples” for more information. |
Office address — Create
Create new office address for correlation with office name.
The configuration fields available are listed in the table below:
Information | Description |
---|---|
Office |
Office |
Address |
Office address - street address |
Zip code |
Office address - zip code |
City |
Office address - city |
Organization — Create
Create new organization for current portal installation.
The configuration fields available are listed in the table below; mandatory fields are marked with an asterisk (*):
Information | Description |
---|---|
Name* | Organization name |
Organizational number* | Organizational number |
Domain Suffix* | Organization domain suffix |
Domain Suffix white list | Organization domain suffix white list for server certificates |
Permissions | Permissions to other organizations |
Meditation task - Address | "Förmedlingsuppdrag" address - street address, used for persons with secret address |
Meditation task - Zip code | "Förmedlingsuppdrag" address - zip code, used for persons with secret address |
Meditation task - City | "Förmedlingsuppdrag" address - city, used for persons with secret address |
Certificate Hash | Thumbprint of certificate for organization encryption of communication |
Certificate | Certificate for organization, base64 encoded |
Certificate identity source* | Matching of logon certificate for user unique name: SubjectDistinguishedName, SubjectSerialNumber, UserPrincipalName |
Additional info | Additional info, custom settings for the Organization; XML formatted. See document “Net iD Portal – XML configurations, examples” for more information |
Additional data | Additional data, other information regarding the Organization; XML formatted. See document “Net iD Portal – XML configurations, examples” for more information |
Additional task info | Additional task info, dynamic task configurations; XML formatted. See document “Net iD Portal – XML configurations, examples” for more information |

Some configurations are not available until the Organization has been created and the configurations are edited.
These are:
Information | Description |
---|---|
Custom\|AdditionalInfo\|Theme\|Style | Configuration of theme colors for the menu bar. |
Custom\|AdditionalInfo\|Image\|Id, Custom\|AdditionalData\|Image\|Id | GUID for logotype shown in menu bar. Configuration will automatically change the corresponding config in AdditionalInfo. The syntax is: |
Custom\|AdditionalData\|Image\|Data | Logotype file for logotype shown in menu bar (jpg, png or tif). |
Custom\|Test | Configuration to activate a preview of the customization done to the menu bar or not. |
Additional configurations for menu bar:
Report — Create
Create new report query that will be shown in the reports tab.
The configuration fields available are listed in the table below:
Information | Description |
---|---|
Name | Name of report |
Description | Detailed description of report |
Query | SQL query that should be executed. Must begin with "Select" or “USE NiPDB_log;” |
Role — Create
Create new user role with certain privileges for correlation with a user group.
Officer privileges
Available officer privileges are listed in the table below:
ID | Name | Description |
---|---|---|
1 | UserView | View user post |
2 | UserAdd | Add user post |
3 | UserEdit | Edit existing user post |
4 | UserDelete | Delete existing user post |
5 | UserSearch | Search for users in NiP database |
10 | DirectoryUserSearch | Search for users in directory service |
11 | TokenView | View user token |
12 | TokenAdd | Add token |
13 | TokenEdit | Edit existing token |
14 | TokenDelete | Delete existing token |
15 | TokenSearch | Search for tokens in database |
16 | ActiveUserListView | View users currently logged on to the service |
17 | NationalRegisterNavetPersonSearch | "Navet" search for user |
18 | NationalRegisterNavetPersonListSearch | "Navet" search for user list |
19 | OrganizationDelegation | Change organization |
20 | CertificateSearch | Search for existing user certificates |
21 | CertificateRevoke | Revoke existing user certificates |
22 | CertificateView | View existing user certificates |
23 | UserSynchronize | Synchronize existing user information with directory service |
24 | LogSearch | Search for log events in audit log |
25 | LogView | View the audit log functionality |
26 | TokenReceipt | Create and view receipts for tokens |
27 | ReportView | View the report functionality |
31 | UserEnroll | Enroll token for existing user |
32 | TokenRevoke | Revoke token for existing user |
33 | TokenUnlock | Unlock token for existing user |
34 | OrderTokenPersonalized | Order personalized token from card manufacturer for existing user |
35 | OrderTokenPersonalizedBatch | Order batch of personalized tokens from card manufacturer |
36 | OrderTokenTemporary | Order temporary tokens from card manufacturer |
37 | OrderTokenTemporaryBatch | Order a batch of temporary tokens from a card manufacturer |
38 | OrderTokenCodeLetter | Order a code letter with security codes for an existing token from a card manufacturer |
39 | OrderTokenCodeLetterBatch | Order a batch of security code letters for existing tokens from a card manufacturer |
40 | ServerEnroll | Enroll certificate for a server |
41 | ServerRevoke | Revoke an existing server certificate |
50 | SelfView | View self-service functionality |
51 | GenerateOneTimePassword | Generate a OneTimePassword for a user |
52 | UserAddSequenceNumber | Create a user with a sequence number, starting with 15, as serial number instead of a personal number. |
53 | DistributeTokenOrder | Distribute/hand over a token to the end user before it gets activated in NiP |
54 | UserGroupAssignment | Give the user a specific officer role in service |
55 | UserEnrollLtd | Enroll a temporary token for an existing user |
56 | UserEnrollSoft | Enroll a soft token for existing user |
57 | UserEnrollSoftLtd | Enroll a temporary soft token for existing user |
58 | UserEnrollAdditional | Enroll an additional token for existing user |
59 | TokenRenew | Renew an existing user token |
60 | UserAddExternal | Add user post with information taken from external source like LDAP directory or national directory |
61 | TokenUnlockDisplay | View personal unblocking code on screen for existing token |
62 | TokenUnlockChallenge | Unblock token using challenge/response with delivery of key to mail or SMS |
63 | TokenUnlockChallengeDisplay | Unblock token using challenge/response on screen |
64 | AdminView | View administrative area of service |
66 | TokenRevokeCertificate | Revoke certificate on existing token |
67 | UserImageUpload | Upload user image for existing user |
68 | UserSignatureImageUpload | Upload user signature image for existing user |
69 | CancelTask | Cancel ongoing task |
70 | ReleaseTask | Release ongoing task |
71 | UserEnrollAdditionalSelf | Enroll additional certificates for a user's existing token via self-service |
72 | CreateUserAlias | Create a local user in the Net iD Portal database and bind it as an alias to a primary account. Depending on how Net iD Portal is configured, the alias account is added to the card: |
73 | CreateTokenInit | Initialize new token |
74 | ServerView | View server area of service |
75 | ServerAdd | Add server post for certificate enrollment |
76 | ServerEdit | Edit existing server post for certificate enrollment |
77 | ServerDelete | Delete existing server post |
78 | ServerSearch | Search for existing servers and certificates |
79 | BindUserAlias | Create a binding between the user’s primary account and secondary account, the alias account. Both primary and secondary account can be local accounts in Net iD Portal, or fetched from an external source such as an AD. Depending on how Net iD Portal is configured, the alias account is added to the card: |
80 | CancelTaskExternal | Cancel ongoing external task, should be used with caution |
81 | AccessibleOrganizationSearch | Search in other configurations if configured |
82 | CreateTokenBatch | Create a batch of tokens to manufacturer |
83 | UserModeSecrecy | Manage users marked with “Secrecy” in National registers. |
84 | TokenTerms | View user terms for a specific token |
85 | UserRestriction | Override the user group restriction structure |
86 | ImportCertificate | Import certificates from 3rd party Certificate Authority |
87 | AdditionalIdentities | View AdditionalIdentities on function (EndEntity) objects |
88 | AssignOffice | Assign an Office to a user |
89 | EndEntityView | View function (EndEntity) Posts |
90 | EndEntitySearch | Search for existing functions (EndEntities) |
91 | EndEntityAdd | Add function (EndEntity) posts for certificate enrollment |
92 | EndEntityEdit | Edit existing function (EndEntity) post |
93 | EndEntityDelete | Delete existing function (EndEntity) Post |
94 | EndEntityChangeStatus | Change status of function (EndEntity) |
95 | EndEntityEnrollInternal | Enroll internal function (EndEntity) certificate |
96 | EndEntityEnrollExternal | Enroll external function (EndEntity) certificate |
97 | EndEntityRevoke | Revoke function (EndEntity) |
98 | EndEntityRevokeCertificate | Revoke function (EndEntity) certificate |
99 | UserDisable | Disable a user |
100 | EndEntitySynchronize | Synchronize functions (EndEntity) to a web service, for example HSA service. |
101 | OrderUserImage | Order user image from SCS |
102 | UserEnrollPhone | Enroll a token to a mobile phone |
103 | UserEnrollPhoneLtd | Enroll a temporary token to a mobile phone |
104 | UserEnrollTablet | Enroll a token to a tablet |
105 | UserEnrollTabletLtd | Enroll a temporary token to a tablet |
106 | RecoverCertificate | Imports certificate and token for a token already connected to a user. |
107 | RecoverCertificateToken | Personalizes a card and imports certificate and token on the card. |
108 | RecoverCertificateTokenSoft | Personalizes a soft token and imports certificate and token on the soft token. |
109 | CancelTaskPretermit | Possible to cancel task that is locked to another user. |
110 | PersonalInformation | Get a user’s personal information (given name, surname, serial number, phone, email, unit number(s), extract of card register, extract of logs). |
111 | AdditionalOrderInformation | Get information in Token.AdditionalInfo. |
112 | ServerAddExternal | Import external server certificates not issued by Net iD Portal. |
113 | DirectoryUserSearchPretermit | Use an alternative LDAP filter. |
114 | DeleteUserAliasBinding | Delete alias binding between the user’s primary account and any other linked user account. This does not delete any of the accounts. |
Administrator privileges
Available administrator privileges are listed in the table below:
ID | Admin privilege name | Description |
---|---|---|
50001 | TraceServerManager | Trace server manager (not in use) |
100000 | OrganizationView | View existing organization |
100001 | OrganizationAdd | Add organization |
100002 | OrganizationEdit | Edit existing organization |
100003 | OrganizationDelete | Delete existing organization |
100004 | OfficeView | View existing organization office |
100005 | OfficeAdd | Add new organization office |
100006 | OfficeEdit | Edit existing organization office |
100007 | OfficeDelete | Delete existing organization office |
100008 | OfficeAddressView | View existing organization office address |
100009 | OfficeAddressAdd | Add new organization office address |
100010 | OfficeAddressEdit | Edit existing organization office address |
100011 | OfficeAddressDelete | Delete existing organization office address |
100012 | TokenTemplateView | View existing token templates (e.g. smart card configuration) |
100013 | TokenTemplateAdd | Add new token template |
100014 | TokenTemplateEdit | Edit existing token template |
100015 | TokenTemplateDelete | Delete existing token template |
100016 | UserGroupView | View existing user group |
100017 | UserGroupAdd | Add new user group |
100018 | UserGroupEdit | Edit existing user group |
100019 | UserGroupDelete | Delete existing user group |
100020 | RoleView | View existing user role |
100021 | RoleAdd | Add new user role |
100022 | RoleEdit | Edit existing user role |
100023 | RoleDelete | Delete existing user role |
100024 | TokenProfileView | View existing token profile (e.g. smart card profile) |
100025 | TokenProfileAdd | Add new token profile |
100026 | TokenProfileEdit | Edit existing token profile |
100027 | TokenProfileDelete | Delete existing token profile |
100028 | ReportAdd | Add new report template (e.g. SQL query for reports) |
100029 | ReportEdit | Edit existing report template |
100030 | ReportDelete | Delete existing report template |
100031 | TokenManufacturerView | View existing token manufacturer (e.g. configuration for 3rd party token manufacturer) |
100032 | TokenManufacturerAdd | Add token manufacturer |
100033 | TokenManufacturerEdit | Edit existing token manufacturer |
100034 | TokenManufacturerDelete | Delete existing token manufacturer |
100035 | SmtpTemplateView | View existing SMTP server template |
100036 | SmtpTemplateAdd | Add SMTP server template |
100037 | SmtpTemplateEdit | Edit existing SMTP server template |
100038 | SmtpTemplateDelete | Delete existing SMTP server template |
100039 | SmsTemplateView | View existing SMS server template |
100040 | SmsTemplateAdd | Add SMS server template |
100041 | SmsTemplateEdit | Edit existing SMS server template |
100042 | SmsTemplateDelete | Delete existing SMS server template |
100043 | NationalRegisterView | View existing "NAVET" configuration |
100044 | NationalRegisterAdd | Add "NAVET" configuration |
100045 | NationalRegisterEdit | Edit existing "NAVET" configuration |
100046 | NationalRegisterDelete | Delete existing "NAVET" configuration |
100047 | DirectoryServiceView | View existing directory service (ActiveDirectory) |
100048 | DirectoryServiceAdd | Add new directory service |
100049 | DirectoryServiceEdit | Edit existing directory service |
100050 | DirectoryServiceDelete | Delete existing directory service |
100051 | CertificateAuthorityView | View existing certificate authority |
100052 | CertificateAuthorityAdd | Add certificate authority |
100053 | CertificateAuthorityEdit | Edit existing certificate authority |
100054 | CertificateAuthorityDelete | Delete existing certificate authority |
100055 | CertificateTemplateView | View existing certificate template |
100056 | CertificateTemplateAdd | Add certificate template |
100057 | CertificateTemplateEdit | Edit existing certificate template |
100058 | CertificateTemplateDelete | Delete existing certificate template |
100059 | SettingsView | View settings |
100060 | SettingsEdit | Edit settings |
100061 | GenerateLicense | Generate license (Under development) |
100062 | UploadLicense | Upload license (Under development) |
100063 | ExportLicense | Export license (Under development) |
100064 | ImportLicense | Import license (Under development) |
100065 | GenerateClientLicense | Generate Client license (Under development) |
100066 | ExportConfiguration | Export configuration settings of the product. |
100067 | ManageAdminPrivileges | Manage admin privileges |
100068 | FinalizeSetup | Finalize bootstrap process |
100069 | AcquisView | View existing Acquis |
100070 | AcquisAdd | Add Acquis |
100071 | AcquisDelete | Delete existing Acquis |
100072 | CertificateWhitelistView | View existing certificate template whitelists |
100073 | CertificateWhitelistAdd | Add certificate template whitelist rules |
100074 | CertificateWhitelistEdit | Edit existing certificate template whitelist rules |
100075 | CertificateWhitelistDelete | Delete existing certificate whitelist rules |
100076 | CertificateWhitelistApprovalView | View certificate template whitelist approvals |
100077 | GenericTextView | View existing generic texts for notifications and other texts |
100078 | GenericTextAdd | Add generic texts for notifications and other texts |
100079 | GenericTextEdit | Edit existing generic texts for notifications and other texts |
100080 | GenericTextDelete | Delete existing generic texts for notifications and other texts |
100081 | UserGroupRestrictionView | View existing user group restrictions |
100082 | UserGroupRestrictionAdd | Add user group restrictions |
100083 | UserGroupRestrictionEdit | Edit existing user group restrictions |
100084 | UserGroupRestrictionDelete | Delete existing user group restrictions |
1000004 | CreateWhiteListOrder | Create whitelist order |
SMS template — Create
Create new SMS template for correspondence with information to the end user or administrator.
The configuration fields available are listed in the table below:
Information | Description |
---|---|
Name | Name of SMS service |
Server | Name or IP of the SMS service |
Credential user name | Username for the SMS service |
Credential password | Password for the SMS service |
Token manufacturer — Create
Create new token manufacturer to be able to communicate with external card vendor.
The configuration fields available are listed in the table below:
Information | Description |
---|---|
Name | Name of manufacturer (predefined) |
Customer reference | Customer reference number at card manufacturer |
Additional Info | Additional Info (predefined) |
Token profile — Create
Create a new token profile to add a new token, for example a smart card or USB token.
The configuration fields available are listed in the table below:
Information | Description |
---|---|
Token label | Token label |
Model | Model |
Data | Additional Data for the Token Profile; XML formatted. See document “Net iD Portal – XML configurations, examples” for more information |
Additional task info | Additional task info, dynamic task configurations; XML formatted. See document “Net iD Portal – XML configurations, examples” for more information |
Token template — Create
Create new token template such as smart card, USB token or soft token with your specific modifications.
The configuration fields available are listed in the table below; mandatory fields are marked with an asterisk (*):
Information | Description |
---|---|
Name* | Name of token template |
Type* | Type of token template: SmartCardLtd, SmartCardLtdExt, SmartCardStd, SmartCardStdExt, SoftTokenLtd, SoftTokenStd, PhoneLtd, PhoneStd, TabletLtd, TabletStd |
Description | Possible to describe the purpose of the token template |
Configuration visible | On/Off, possible to show or hide token templates for officers. If it is hidden it will not show up as an option in the enrollment flow. |
Certificate template* | List of available certificate templates |
Validity - Min value, key* | Validity Minimum value: Days, Hours, Minutes, Months, Seconds, Weeks, Years |
Validity - Min value* | In relation to above, value of validity |
Validity - Default value, key* | Validity default value: Days, Hours, Minutes, Months, Seconds, Weeks, Years |
Validity - Default value* | In relation to above, value of validity |
Validity - Max value, key* | Validity maximum value: Days, Hours, Minutes, Months, Seconds, Weeks, Years |
Validity - Max value* | In relation to above, value of validity |
Token Manufacturer ID | Name/ID of existing token manufacturer created in "Token manufacturer" |
Manufacturer’s Product ID | Name/Product ID at token manufacturer |
Manufacturer’s Product description | Detailed description of token |
Additional info | Additional information for the Token Template; XML formatted. See document “Net iD Portal – XML configurations, examples” for more information |
Additional task info | Additional task info, dynamic task configurations; XML formatted. See document “Net iD Portal – XML configurations, examples” for more information |
User group — Create
Create a new user group for correlation with a user role.
The configuration fields available are listed in the table below:
Information | Description |
---|---|
Name | Name of user group |
Roles | Relation to existing role created under "Roles" |
User group restriction — Create
User group delegation can be restricted for each user group.
Configure which user groups can be assigned for the specific group.
Information | Description |
---|---|
User group | Available user groups |
User group restrictions | Available user groups |
Whitelist — Create rule
Create a new rule for a certificate template whitelist used with functions (EndEntities) and function certificates.
The configuration fields available for a whitelist rule are listed in the table below:
Information | Description |
---|---|
Certificate template | Certificate template that the rule will apply for |
Common name | Allowed common name of certificates. May include wildcard “*”, please be careful when using wildcards in rules. |
Organization name | Organization name of rule (Will be added to O attribute in certificate) |
Organizational number | Organizational number of organization in rule (Will be added to SERIALNUMBER attribute in certificate) |
Locality | Locality of organization in rule (Will be added to L attribute in certificate) |
Country | Country of organization in rule (Will be added to C attribute in certificate) |
Validity period | Validity period of rule, when validity period is exceeded, the whitelist will be inactive |
Evidence | Optional evidence regarding controls that may be necessary for all or parts of the information in rules, for example that the organization is owner of the domain name (common name). |
Comments | Optional comments to the evidence and other actions related to a rule. |
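The caution about wildcards in the Common name field can be made concrete by previewing which names a pattern would admit before the rule is created. The following Python code is an added example, not Net iD Portal code; it assumes that “*” matches any run of characters including dots and that matching is case-insensitive (the page does not define the matching rules), and the function names and sample names are hypothetical.

```python
# Added example (not product code): preview what a whitelist "Common name" pattern admits.
# Assumption: "*" matches any run of characters, dots included, and matching is
# case-insensitive. Verify the real matching rules in a test installation.
import re


def pattern_to_regex(pattern):
    """Translate a pattern whose only wildcard is '*' into a compiled regex."""
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile(".*".join(literal_parts), re.IGNORECASE)


def admitted(pattern, names):
    """Return the names from `names` that the pattern would allow."""
    regex = pattern_to_regex(pattern)
    return [name for name in names if regex.fullmatch(name)]


def review_pattern(pattern, domain_suffix):
    """Return findings for a pattern, given the organization's own domain suffix."""
    findings = []
    text = pattern.lower()
    suffix = "." + domain_suffix.lower().lstrip(".")
    if "*" not in text:
        return findings  # exact names need no wildcard review
    if text.count("*") > 1:
        findings.append("more than one wildcard")
    if not text.startswith("*."):
        findings.append("wildcard is not a complete leftmost label")
    if not text.endswith(suffix):
        findings.append("pattern is not anchored to " + suffix)
    return findings


# Constructed sample names; example.org stands for the organization's domain suffix.
SAMPLE_NAMES = [
    "web01.example.org",
    "a.b.example.org",
    "notexample.org",
    "example.org.other.test",
]

if __name__ == "__main__":
    for pattern in ("web01.example.org", "*.example.org", "*example.org", "*"):
        print(pattern, admitted(pattern, SAMPLE_NAMES),
              review_pattern(pattern, "example.org"))
```

Under these assumptions “*example.org” also admits “notexample.org”, a name outside the organization's domain suffix, which is the kind of rule the Evidence field should be used to justify or reject.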