When a digital ID card is expiring, then it can be renewed in Smart ID Self-Service.
Standard workflow
|
|
Actor |
Action |
Option |
Physical ID | Digital ID |
|---|---|---|---|---|---|
|
1 |
Identity Manager |
On a configurable interval, Identity Manager runs the Expiry check, which finds all card certificates that will expire within the coming period. For each affected user, the steps below are done. |
Automatically requests to renew all cards that belong to active AD users. |
- |
|
|
2 |
Self-service user |
Receives an email with instructions. Puts the card in the card reader. Logs in to Smart ID Self-Service and chooses Renew card. |
- |
- |
|
|
3 |
Identity Manager |
Removes expired authentication and signing certificates from the card. Keeps and reuses old encryption certificates. |
- |
- |
|
|
4 |
CA |
Issues a set of new certificates, as needed. The certificates are stored in Identity Manager and on the smart card. |
- |
- |
|
Expiry check:
Smart ID Self-Service renewal:
Technical references
-
PcmProcExpiryCheckEmployeeCard
-
Sub process: PcmProcUSSPRenewEmployeeCard