
Use cases for cards are listed for both Physical ID and Digital ID



Manual use cases


 Use case: Deactivate employee or external card

Standard workflow


Physical ID / Digital ID

| # | Actor | Action | Option |
|---|---|---|---|
| 1 | Registration officer or Helpdesk | In PRIME Explorer: browses for the person, selects the card and then Deactivate card. | Workflow is triggered automatically during the import of person data. |
| 2 | PRIME | Deactivates card. | - |
| 3 | CA | Deactivates certificates. | - |
| 4 | PRIME | Sends information mail to the person, and exports the card data to the PACS system. | - |

When the person is back again, the card needs to be reactivated. See the following use case: Reactivate card.


Technical references

| Option | Physical ID | Digital ID |
|---|---|---|
| Deactivate employee card | CCProcDeactivateEmployeeCard | PcmProcDeactivateEmployeeCard (see image) |
| Deactivate contractor card | CCProcDeactivateContractorCard | PcmProcDeactivateContractorCard |
| Deactivate visitor card | CCProcDeactivateVisitorCard | PcmProcDeactivateVisitorCard |

 Use case: Reactivate employee or external card

Standard workflow


Physical ID / Digital ID

| # | Actor | Action | Option |
|---|---|---|---|
| 1 | Person | Asks to reactivate the card. | Workflow is triggered automatically during the import of person data. |
| 2 | Registration officer or Helpdesk | In PRIME Explorer: browses for the person and selects Reactivate card. | - |
| 3 | PRIME | Activates card. | - |
| 4 | PRIME | Sends activation mail to the person including PIN and PUK. | A PIN information letter is printed and handed to the person. |
| 5 | PRIME | Exports the card data to the PACS. | - |
| 6 | CA | Reactivates certificates. | - |

For Contractor cards or Visitor cards, see Activate card in Issue physical ID card.


Technical references

| Option | Physical ID | Digital ID |
|---|---|---|
| Reactivate employee card | CCProcReactivateEmployeeCard | PcmProcReactivateEmployeeCard (see image) |

 Use case: A person forgets the card, gets a temporary card

Standard workflow


Physical ID / Digital ID

| # | Actor | Action | Option |
|---|---|---|---|
| 1 | Person | Asks for a temporary card. | - |
| 2 | Registration officer | In PRIME Explorer: Browses for the person, selects Issue temporary card with a default validity of one day. | - |
| 3 | PRIME | Deactivates permanent card, exports the card data to the PACS system. | - |
| 4 | CA | Deactivates certificates. | - |
| 5 | Card production administrator | Puts a temporary card in the card reader and assigns it to the person. | - |
| 6 | PRIME | Sets the temporary card state to Active. | - |


Technical references

| Option | Physical ID | Digital ID |
|---|---|---|
| Issue temporary card | CCProcEmployeeTemporaryCard | PcmProcEmployeeTemporaryCard (see image) |

 Use case: A person returns a temporary card

Standard workflow


Physical ID / Digital ID

| # | Actor | Action | Option |
|---|---|---|---|
| 1 | Person | Returns the temporary card. | - |
| 2 | Registration officer | In PRIME Explorer: browses for the person, and selects Withdraw temporary card. | - |
| 3 | PRIME | Reactivates the permanent card, exports the card data to the PACS system. Locks the temporary card. | - |
| 4 | CA | Reactivates the certificates. | - |


Technical references

| Option | Physical ID | Digital ID |
|---|---|---|
| Withdraw temporary card | CCProcWithdrawEmployeeTempCard | PcmProcWithdrawEmployeeTempCard (see image) |
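
The deactivate, reactivate and temporary-card workflows above each change three records together: the card state in PRIME, the certificate status at the CA, and the card data exported to the PACS. The following added example (not part of the original page and not PRIME code) audits constructed snapshots of those three records for drift; the field names, state names and card IDs are assumptions.

```python
"""Reconcile card, certificate and PACS state (added example; all data constructed)."""

# Constructed snapshots. Field and state names are assumptions, not PRIME's schema.
PRIME_CARDS = [
    {"card": "P-1001", "person": "alice", "kind": "permanent", "state": "deactivated"},
    {"card": "T-0007", "person": "alice", "kind": "temporary", "state": "active"},
    {"card": "P-1002", "person": "bob", "kind": "permanent", "state": "deactivated"},
    {"card": "P-1003", "person": "carol", "kind": "permanent", "state": "active"},
    {"card": "T-0008", "person": "carol", "kind": "temporary", "state": "active"},
    {"card": "P-1004", "person": "dave", "kind": "permanent", "state": "active"},
    {"card": "T-0009", "person": "dave", "kind": "temporary", "state": "locked"},
]
CA_CERTS = {"P-1001": "deactivated", "P-1002": "active", "P-1003": "active", "P-1004": "deactivated"}
PACS_CARDS = {"P-1001": "deactivated", "T-0007": "active", "P-1002": "active",
              "P-1003": "active", "T-0008": "active", "P-1004": "active", "T-0009": "deactivated"}


def audit(cards, ca_certs, pacs_cards):
    """Return sorted (card, finding) tuples where the three systems disagree."""
    findings = []
    active_permanent = set()
    for c in cards:
        usable = c["state"] == "active"
        if usable and c["kind"] == "permanent":
            active_permanent.add(c["person"])
        cert = ca_certs.get(c["card"])   # temporary cards have no CA entry in this sample
        pacs = pacs_cards.get(c["card"])
        if not usable and cert == "active":
            findings.append((c["card"], "certificates still active"))
        if usable and cert == "deactivated":
            findings.append((c["card"], "certificates not reactivated"))
        if not usable and pacs == "active":
            findings.append((c["card"], "still active in PACS"))
        if usable and pacs != "active":
            findings.append((c["card"], "not active in PACS"))
    # A temporary card should only be active while the permanent card is not.
    for c in cards:
        if c["kind"] == "temporary" and c["state"] == "active" and c["person"] in active_permanent:
            findings.append((c["card"], "temporary and permanent card both active"))
    return sorted(findings)


if __name__ == "__main__":
    for card, finding in audit(PRIME_CARDS, CA_CERTS, PACS_CARDS):
        print(card, finding)
```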

 Use case: A person wants to change the PKI PIN

If the User Self-Service Portal is used, then there is a self-service workflow available for this use case.

Standard workflow


Physical ID / Digital ID

| # | Actor | Action | Option |
|---|---|---|---|
| 1 | Self-service user | Puts the smart card in the card reader and logs in to User Self-Service Portal with smart card and PKI PIN. | - |
| 2 | Self-service user | Selects Change PKI PIN, confirms the old PKI PIN, and enters a new PIN. | - |
| 3 | PRIME | Sets this new PKI PIN on the smart card. | - |


Technical reference

  • PcmProcUSSPChangePin
 Use case: A person has forgotten or blocked the PKI PIN

If the User Self-Service Portal is used, then there is a self-service workflow available for this use case.

Standard workflow


Physical ID / Digital ID

| # | Actor | Action | Option |
|---|---|---|---|
| 1 | Self-service user | Logs in to User Self-Service Portal with AD credentials or the "Forgot Password" process. | - |
| 2 | Self-service user | Selects Unblock PKI PIN and enters the new PIN. | - |
| 3 | PRIME | Changes the PKI PIN on the smart card in the background, using the PUK that PRIME stores in an encrypted database field. | - |


Technical reference

  • PcmProcUSSPUnblockEmployeeCard
 Use case: A person has blocked the PKI PIN and cannot log in to Windows

When the PKI PIN is blocked, and the person is offline, the helpdesk can help the person unblock it.

Standard workflow


Physical ID / Digital ID

| # | Actor | Action | Option |
|---|---|---|---|
| 1 | Person | Asks Windows to generate a challenge code. Gives the challenge code by phone to the Helpdesk. | - |
| 2 | Helpdesk | Opens the corresponding card of the person and starts the offline unblocking process to generate the response. Gives the response to the person. | - |
| 3 | Person | Provides the response to Windows to unblock the card. | - |


Technical reference

  • PcmProcUnblockPinOffline
 Use case: A person needs a new card (changed name, email etc.)

Standard workflow


Physical ID / Digital ID

| # | Actor | Action | Option |
|---|---|---|---|
| 1 | Person | Asks to renew the card. | - |
| 2 | Registration officer or Card production administrator | In PRIME Explorer: Browses for the person, finds the card, and selects Renew card. Edits person data if needed. | - |
| 3 | Card production administrator | Puts the card in the card reader and renews the card. | - |
| 4 | PRIME | Removes expired authentication and signing certificates from the card. Keeps and reuses old encryption certificates. | - |
| 5 | CA | Issues a set of new certificates, as needed. The certificates are stored in PRIME and on the smart card. | - |
| 6 | Registration officer | Prints a PIN information letter. | Alternatively, the PIN information is sent by email. |


Technical reference

  • PcmProcRenewEmployeeCard


Automated use cases

 Card is expiring, user can renew via USSP

If the User Self-Service Portal is used, then there is a self-service workflow available for this use case.

Standard workflow


Physical ID / Digital ID

| # | Actor | Action | Option |
|---|---|---|---|
| 1 | PRIME | On a configurable interval, PRIME runs the Expiry check, which finds all card certificates that will expire within the coming period. For each affected user, the steps below are done. | Automatically requests to renew all cards that belong to active AD users. |
| 2 | Self-service user | Receives an email with instructions. Puts the card in the card reader. Logs in to the User Self-Service Portal and chooses Renew card. | - |
| 3 | PRIME | Removes expired authentication and signing certificates from the card. Keeps and reuses old encryption certificates. | - |
| 4 | CA | Issues a set of new certificates, as needed. The certificates are stored in PRIME and on the smart card. | - |



Expiry check:

USSP renewal:

Technical references

  • PcmProcExpiryCheckEmployeeCard
  • Sub process: PcmProcUSSPRenewEmployeeCard
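
The selection made by the Expiry check in step 1, as an added example (not part of the original page and not PRIME code): it picks certificates that expire within a look-ahead window and requests renewal only for cards of active AD users, reporting the rest separately. The inventory, field names, the 30-day window and the separate handling of already-expired certificates are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory; field names and values are assumptions, not PRIME's schema.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
CERTS = [
    {"card": "P-1001", "user": "alice", "usage": "authentication", "not_after": NOW + timedelta(days=10)},
    {"card": "P-1001", "user": "alice", "usage": "signing", "not_after": NOW + timedelta(days=10)},
    {"card": "P-1002", "user": "bob", "usage": "authentication", "not_after": NOW + timedelta(days=200)},
    {"card": "P-1003", "user": "carol", "usage": "authentication", "not_after": NOW + timedelta(days=5)},
    {"card": "P-1004", "user": "dave", "usage": "signing", "not_after": NOW - timedelta(days=2)},
]
ACTIVE_AD_USERS = {"alice", "bob", "dave"}   # carol is not an active AD user


def expiry_check(certs, active_users, now, window=timedelta(days=30)):
    """Group expiring certificates per card into three buckets:
    renew           - expires inside the window, owner is an active AD user
    inactive_user   - expires inside the window, owner is not active (no request)
    already_expired - lapsed before this run, so outside "the coming period"
    """
    report = {"renew": {}, "inactive_user": {}, "already_expired": {}}
    for cert in certs:
        remaining = cert["not_after"] - now
        if remaining > window:
            continue                      # still valid beyond the window
        if remaining <= timedelta(0):
            key = "already_expired"
        elif cert["user"] in active_users:
            key = "renew"
        else:
            key = "inactive_user"
        # One entry per card, even when several of its certificates expire.
        report[key].setdefault(cert["card"], []).append(cert["usage"])
    return report


if __name__ == "__main__":
    for bucket, cards in expiry_check(CERTS, ACTIVE_AD_USERS, NOW).items():
        print(bucket, cards)
```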