Create new organization

This section describes the settings and procedures needed to set up an organization in Net iD Portal.

Create organization

Click Manage > Organization - Create

Enter all mandatory information about the new organization. See section Organization - Create for a description of all fields. “Certificate Hash” is the thumbprint of the certificate that should be used for encryption between the client and the server. This is mandatory to be able to log on as a user for this organization. The specified certificate and corresponding keys have to be available on all web servers that will host the instance.

Certificate identity source

Method for users logging on.

Execute

Add the new organization.

Gain access to organization

Now the organization has been created, but you must also give the organization that you are currently logged on to access to the new organization.

  1. Click Organization > Your current organization > Show, and then click Manage and Update organization.

  2. Under Permissions, select the Your new organization check box, and then click Execute.

Now you should be able to switch organizations from the logo on the top left. Switch to the newly created organization to continue the configuration of this organization.

Create certificate authority

Click Manage > Certificate Authority - Create

  1. Enter the Name of the certificate authority.

  2. Enter the FQDN of the computer running the certificate authority service.

  3. Select the corresponding “CA service” for your certificate authority.

  4. Select the corresponding “Enrollment type” for your certificate authority.

  5. Enter the “KeyID” for your issuing certificate authority. It is the “SubjectKeyIdentifier” of the certificate authority’s issuing certificate. This is only necessary if it should be possible to log on to NiP with certificates issued from this certificate authority.

  6. OCSP (Optional): Insert FQDN to OCSP Server

  7. CRL (Optional): Insert FQDN to CRL location

  8. Credential domain name (Optional): Insert the domain of the impersonated user

  9. Credential user name (Optional): Insert the impersonated user account

  10. Credential password (Optional): Insert the impersonated user account's password

  11. Enter the certificate information. This should be the public certificate in Base64 encoded format.

  12. Enter the “Additional info” (not required).

  13. Save the information by clicking “Execute”.
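The three certificate-derived values asked for above (“Certificate Hash” for the organization, “KeyID” and the Base64 certificate for the certificate authority) can be read from a certificate as follows. This is an added example, not part of Net iD Portal; `Get-PortalCertFields` is a hypothetical helper name, and the file path and certificate store in the closing comments are assumptions. The page does not state whether the portal expects the Base64 text with or without PEM header lines; the helper emits the bare Base64 of the DER encoding.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper (added example): collects the values the portal forms ask for.
function Get-PortalCertFields {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)

    # SubjectKeyIdentifier extension (OID 2.5.29.14); not every certificate carries one.
    $ski = $Certificate.Extensions |
        Where-Object { $_ -is [X509SubjectKeyIdentifierExtension] } |
        Select-Object -First 1

    [pscustomobject]@{
        Subject         = $Certificate.Subject
        CertificateHash = $Certificate.Thumbprint    # SHA-1 over the DER encoding, hex
        KeyID           = if ($ski) { $ski.SubjectKeyIdentifier } else { $null }
        Base64          = [Convert]::ToBase64String($Certificate.RawData)
        HasPrivateKey   = $Certificate.HasPrivateKey # must be True on each web server
    }
}

# Constructed sample: an in-memory self-signed certificate stands in for the real one.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=Constructed Issuing CA', $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$req.CertificateExtensions.Add(
    [X509SubjectKeyIdentifierExtension]::new($req.PublicKey, $false))
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5),
                                [DateTimeOffset]::Now.AddDays(1))

Get-PortalCertFields -Certificate $sample | Format-List

# Real use (path and store are assumptions; the page does not name them):
#   Get-PortalCertFields ([X509Certificate2]::new('C:\path\to\issuing-ca.cer'))
#   Get-PortalCertFields (Get-Item 'Cert:\LocalMachine\My\<thumbprint>')
```

Running the second commented form on every web server that hosts the instance shows whether the organization certificate is installed there with its private key.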

Create token manufacturer

Begin by creating a new token manufacturer:

  • Only one token manufacturer is supported currently, Gemalto.

  • Enter the customer information with the token manufacturer

  • Additional info is created automatically.

Create certificate template

Only mandatory fields are described in this section. See description of all available fields in section Certificate template - Create.

  1. Enter “Certificate Authority (CA)” as retrieved when creating the Certificate Authority.

  2. Enter a “Name” for the certificate template.

  3. Enter a “Description” for the certificate template.

  4. Enter “CA service: Certificate template name” as shown in the certificate authority.

  5. Select “Validity key”.

  6. Enter “Validity value”.

  7. Select “Hash algorithm”, corresponding to the certificate template in the certificate authority.

  8. Enter “Key parameter”.

  9. Enter “SubjectName: Common name (CN)”.

  10. Enter “SubjectAltName otherName: msUPN (User Principal Name)”.

Create directory service

This option is only necessary if the instance should utilize an external directory service for users. If local accounts should be used, this is not mandatory.

  1. Select “Type” of directory service.

  2. Enter the FQDN of the directory service server.

  3. Credential Username (Optional): Enter the user name of the credential that NiP will impersonate when searching against the directory service.

  4. Credential Password (Optional): Enter the password of the credential that NiP will impersonate when searching against the directory service.

  5. Click “Execute” to create the directory service.

Create national register

This option is only necessary if the instance should utilize an external public source for creating users.

If local accounts or directory service should be used, this is not mandatory.

  1. Choose which type of register you want to use

  2. Enter the “Name” which is the display name of the national register.

  3. Enter the “Service” which is the URL for the national register.

  4. Enter the “Certificate Hash” which is the thumbprint of the certificate that should be used for communication with the national register.

  5. Enter the “Customer ID” for the national register.

  6. Enter “Order ID” for the national register.

  7. HSA-id (Only needed if you are configuring an IneraHSA service)

  8. HSA Search base – Users (Only needed if you are configuring an IneraHSA service)

  9. HSA Search base – Functions (Only needed if you are configuring an IneraHSA service)

Create office

See section Office - Create for description of all available fields.

  1. Enter the “Name” of the office.

  2. Enter “Additional Info” for the office.

Create office address

  1. Enter “Office”, this is the “Id” of your office created earlier.

  2. Enter “Address” for the office, this is the street address.

  3. Enter “Zip code” for the office.

  4. Enter “City” for the office.

Create role

See section Role - Create for all available privileges and descriptions of them.

  1. Enter a “Name” for the user role and give the role a subset of privileges.

Create SMS template

This configuration is only necessary if users should get one-time passwords for activation sent via SMS.

  1. Enter “Name” which is the display name of the service.

  2. Enter “Server” which is the URL for the service.

  3. Enter “CredentialUserName” which is the username for the service.

  4. Enter “CredentialPassword” which is the password for the service.

Create token profile

This option is available but should not be used. All available and supported token profiles are delivered with configurations for each instance.

  1. Enter “Token label” which is the display name for the token profile.

  2. Enter “Model”

  3. Enter “Data”

  4. Enter “Additional task info”

Create token template

  1. Enter “Name” for the token template which is the display name for the token template.

  2. Enter “Type” for the token template which is the type of token this template should impersonate when enrolled.

  3. Select “Validity – Min value, key”.

  4. Enter “Validity – Min value” which is the minimum validity that could be used for this token template.

  5. Select “Validity – Default value, key”.

  6. Enter “Validity – Default value” which is the minimum validity that should automatically be used for this token template if nothing is selected.

  7. Select “Validity – Max value, key”.

  8. Enter “Validity – Max value” which is the maximum validity that could be used for this token template.

  9. Select “Token Manufacturer ID” from the list.

  10. Enter “Manufacturer’s Product ID” which is the product number with external manufacturer. This is only necessary if the token is of the type “SmartCardStdExt” and token is manufactured at another site.

  11. Enter “Manufacturer’s Product description” which is the product number with external manufacturer. This is only necessary if the token is of the type “SmartCardStdExt” and token is manufactured at another site. This is visible for the officer when enrolling the token.

  12. Enter “Additional info”

  13. Enter “Additional task info”

Create user group

  1. Enter the name for the group. This is the display name shown to the officer when assigning a user group to a user that should be able to access the service.

  2. Select the “Roles” which will be assigned to the group.