- Created by Karolin Hemmingsson, last modified by Josefin Klang on Jun 16, 2023
This article provides installation requirements and interoperability data for Smart ID Identity Manager.
Recommendations
Read the information under header "Deployment and sizing considerations" in Smart ID deployment recommendations.
Read the information under header "Database recommendations" in Smart ID deployment recommendations.
Requirements
The following databases are supported:
- SQL Server 2016
- SQL Server 2017
- SQL Server 2019
- Azure SQL
- Oracle Database 12c
- Oracle Database 19c
- PostgreSQL 11
- PostgreSQL 12
PostgreSQL 14
PostgreSQL 15
For SQL Server and Azure SQL see also the transaction isolation level requirements here: Set transaction isolation level for MS SQL when used with Identity Manager
All Identity Manager clients are executed in up-to-date HTML5 web browsers such as:
- Mozilla Firefox
- Google Chrome
- Safari
- Microsoft Edge (Chromium)
Identity Manager releases are always tested with the latest browser versions.
The following version of JasperReports is supported:
- Templates in JasperReports format (.jrxml) version 6.5.1 are supported
The following requirements apply for a workstation that is to be used as a capture client or production client:
- Nexus Card SDK of the latest version is supported and must be installed. See here for information about the latest Card SDK version.
- Windows-based workstation (PC). For more information, see Card SDK requirements and interoperability.
For PKI cryptochip encoding the following is also required:
- A PKCS#11 compliant smart card middleware.
- For a list of supported smart card middleware, see heading "Smartcards and smartcard middleware".
- OpenJDK or Oracle Java
- Version 11 (64-bit), tested on OpenJDK 11.0.6+10
- Architecture: 32-bit (for any smart card middleware) or 64-bit (for any smart card middleware except Nexus Personal)
The smart card middleware and client-side Java must have the same OS architecture, either 32-bit or 64-bit, since Identity Manager's encoding component connects from the client-side Java to the middleware.
The following requirements apply for the use of PKI cryptochip encoding features on Identity Manager Self-Service clients:
- Smart ID Desktop App of the latest version is supported and must be installed. See here for information about the latest Smart ID Desktop App version. For more information, see Smart ID Desktop App requirements and interoperability.
- A PKCS#11 compliant smart card middleware must be installed.
- For a list of supported smartcard middleware, see heading "Smartcards and smartcard middleware".
The following requirements apply for Identity Manager war files deployment installations:
- Tomcat 8/9
- Java 11
Interoperability
Data connectors
Identity Manager allows synchronization of data with external systems for many different use cases, for example card data, employee data from corporate directories, and entitlements from physical access control systems. Import and export of data can be done for various formats, for example LDAP, JDBC, CSV and SCIM.
Identity Manager supports connection to directories compliant with the following standard:
- LDAP v3
Microsoft Active Directory is a typical example of a supported directory.
For more information, see Integrate Identity Manager with Microsoft services.
Identity Manager supports connection to databases based on Java database connectivity (JDBC).
The databases are the same as under heading Requirements > Databases in Identity Manager requirements and interoperability.
The SQL Server and Azure SQL databases only support case insensitive queries (which is the default option).
The following certificate authority (CA) products and services are supported:
- Smart ID Certificate Manager, see Smart ID 23.04 - Compatibility for more information.
- Microsoft Active Directory Certificate Services (ADCS) 2012 / 2012 R2 / 2016 / 2019
- D-Trust Managed PKI
- IDNomic version 4.8.1
- EJBCA version 6.15
- DFN Managed PKI
- QuoVadis PKI
For more information, see Integrate Identity Manager with certificate authority (CA).
Other CAs can be integrated on demand.
The following physical access systems (PACS) are supported by Identity Manager:
| Vendor | System | Supported versions | Comment |
|---|---|---|---|
| ASSA | Arx | 4.7 | |
| Siemens | Bewator 2010 Omnis | 6.2 | |
| Bravida | Integra | 7.3, 8.1 | From version over 7.41 extended license is required. |
| Evva Salto | SALTO ProAccess | 12.2 | |
| Evva Salto | SALTO ProAccess SPACE | 6.4 | |
| dormakaba | KABA Exos 9300 | 4.2.0 | |
| Interflex Datensysteme GmbH (Allegion Group) | Interflex IF-6040 | 12.1.1 | |
| Pacom | Unison | 5.8.6 | |
| RCO | RCARD M5 | 5.49 | |
| RCO | RCARD M5 Admin API | 5.49 | |
| Security Shells | iSecure | 2.4 | |
| Siemens | SiPass Integrated | 2.76 | |
| Siemens | SiPort | MP 3.1.3 | |
| Unitek | Unilock | 2.0 | |
Lenel | OnGuard | 6.6 | Limited support (IDC) |
Stanley | Stanley Security Manager (SSM) | 8.0, 8.1 | Limited support (IDC) |
Stanley | Niscayah Integration Manager (NIM3) | 3.40 | Limited support (IDC) |
Set up integrations
For more information, see Integrate Identity Manager with physical access control system (PACS).
There is also a PACS demo service included in the Physical Access component that can be used to simulate PACS integration.
Missing your PACS system on the list?
Provide the details of your PACS system in this form and we will contact you.
The following mobile device management (MDM) product is supported in Identity Manager:
- MobileIron 10.4 - 10.7
Other MDM systems can be integrated on demand.
Digital identities
Supported smart cards depend on the smart card middleware. Smart card middleware is not part of Identity Manager.
Identity Manager connects to a smart card via the PKCS#11 library provided by the middleware. For a list of supported cryptochips and smart cards, see the corresponding technical specification of the middleware.
CardOS 4.4 and CardOS 5.0 are Nexus' reference cards for testing. Other cards listed in the middleware specification also normally work, but must be tested individually for the specific requirement.
The following smart card middleware products are supported:
Vendor or product | Version | Reference card |
|---|---|---|
5.8 | CardOS 4.4 + 5.0 | |
AET SafeSign | 3.0.93 | CardOS 4.4 Neowave Weneo |
Atos CardOS API | 5.4 (1) | CardOS 4.2C + 4.4 + 5.0 + 5.3 |
Charismathics CSSI | 5.4 | CardOS 4.4 + 5.0 TPM |
Cryptovision cv act sc/interface | 8.0.16 | CardOS 5.3 |
| Gemalto IDGo800 Pkcs#11 Library | 1.2.4 | IDPrime MD 830 |
Morpho Ypsid | 7.0.1 | Ypsid S3 |
Oberthur AWP | 5.1.1 | V 7.0.1 |
Safenet Authentication Client | 10.7 | IDPrime MD840 and MD940 |
| T-Systems TCOS3 NetKey | 1.8.3.1 (2) | TeleSec Signature Card V2.0, TeleSec IDKey 1.0 |
| Deutsche Telekom TCOS NetKey | 1.12.4.0 (3) | TCOS 4.0 NetKey, TeleSec Signature Card V2.0, TeleSec IDKey 1.0 |
(1) 5.4W14 or later is required for certain features
(2) 1.8.3.1 is the minimum compatible version. Nexus recommends 1.8.3.2 or Deutsche Telekom TCOS NetKey 1.10.9.0, 1.12.4.0, or 1.13.5.0.
(3) Requires Identity Manager 22.10 and above, supersedes T-Systems TCOS3 NetKey. Nexus recommends 1.12.4.0 or 1.13.5.0
Identity Manager supports certificate enrollment to Yubico YubiKey 5 PIV tokens via Smart ID Desktop App.
Fido2 tokens on Yubikey are not supported.
The following virtual smartcard is supported:
Vendor/ Product | Version |
1.4.2 |
For more information, see Set up virtual smart card management in Identity Manager.
Language support
The following languages are supported:
- English
- French
- German
- Swedish
This article is valid for Smart ID 22.04 and later.