Skip to main content
Skip table of contents

Identity Manager architecture overview

Smart ID Identity Manager consists of these applications:

Identity Manager has the following basic architecture:

  • J2EE/Java-based server
  • SQL database, connected to the application server
  • User Interface:
    • Identity Manager Admin: HTML5 client
    • Identity Manager Operator: HTML5 client
    • Smart ID Self-Service: HTML5 client
    • Identity Manager Tenant: HTML5 client

Identity Manager architecture


For more information on the supported systems and versions, see Identity Manager requirements and interoperability

Corporate directory

The LDAP connector enables searching and reading identity information from an LDAP directory, such as Active Directory. User authentication with directory-stored password and group-based role assignment are also supported. 

Alternatively, Identity Manager can connect to different HR systems, typically via CSV file import/export.

Certificate authority

Through the PKI connectors, Identity Manager PKI applications can request, renew, and revoke certificates from/in a certificate authority (CA). The PKI connector delivers the certificate template names that are made available by the CA for use. These templates are mapped to Identity Manager certificate types. Multiple CA connections are possible.

Smart cards and software tokens can contain any number of certificates that may be issued by different CAs.

Physical access control systems (PACS)

Through PACS connectors, it is possible to read access profile information from the PACS as well as to provision and de-provision ID cards and entitlements (profile assignment) in PACS systems. The PACS connector may be based on CSV file (asynchronous) or WebServices (synchronous) interfaces.

Identity Manager DB Server

All configuration and run time data is stored in an SQL database.

Identity Manager web server

Includes the Identity Manager clients

Registration client

Identity assurance, data, image and signature capturing.

Production client

Card printing and encoding, batch production.


Support, invalidation, temporary PIN, card reset.


Request, approval, invalidation.

User Self-Services

Request, image capturing, PIN reset, renewal, etc.

Additional information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.