Roles in Digital ID
This article describes the roles that are available in the Digital ID module of Nexus Smart ID.
Specific roles for Digital ID
The following roles are available in the Smart ID Digital ID module:
Role | Description | Technical reference |
---|---|---|
Mobile ID user | Self-service role for persons to activate their own mobile IDs. | PcmRolePersonalMobileUser |
Mobile ID administrator | Enables users for self-service and locks profiles. | PcmRolePersonalMobileOfficer |
Software token administrator | Enables self-service role for employees, and starts software token requests. | PstmRoleRegistrationOfficer |
Software token user | Self-service role for persons to request, recover and revoke their own software tokens. | PstmRoleSelfServiceUser |
Virtual smart card user | Self-service role for persons to request, provision certificates, reset PIN and lock their own virtual smart cards. | PcmRoleVSCEntitledUser |
Server certificate approver | Approves server and server certificate requests. | ScmRoleApproverOfficer |
Server administrator | Manages servers and server certificates. | ScmRoleServerAdministrator |
Server certificate registration officer | Manages server certificates. | ScmRoleServerRegistrationOfficer |
Standard roles in Identity Manager
The standard package of Identity Manager provides a set of predefined standard roles that can be used as is or adapted to your requirements. This table lists the standard roles and what rights they have in Identity Manager Admin and Identity Manager Operator respectively.
Role | Description | Rights | Technical reference |
---|---|---|---|
Bootstrap administrator | Does the initial configuration of Identity Manager. | Identity Manager Admin: All | BaseRoleBootstrapAdmin |
Policy administrator | A user in Identity Manager. | Identity Manager Admin: All | BaseRolePolicyAdmin |
Service administrator | Makes configurations in Identity Manager, such as: | Identity Manager Admin: No | BaseRoleServiceAdmin |
Registration officer | Manages “target” users and identities, who are targets (or objects) of credential management actions. | Identity Manager Admin: No | BaseRoleRegistrationOfficer |
Approver | Approves card production. | Identity Manager Admin: No | BaseRoleOfficer |
Card production administrator | | Identity Manager Admin: No | BaseRoleProductionAdmin |
Issuing authority | Activates and issues the card to the requester/user. | Identity Manager Admin: No | BaseRoleIssuingAuthority |
User administrator | | Identity Manager Admin: Roles, User Administration | BaseRoleUserAdmin |
Helpdesk | | Identity Manager Admin: No | BaseRoleHelpdeskOfficer |
Self-service user | | Identity Manager Admin: No | BaseRoleSelfServiceUser |
Self-service visitor | | Identity Manager Admin: No; Identity Manager: No | BaseRoleSelfServiceVisitor |
Batch sync | A role used for automatic batch synchronization of identities with external sources such as Active Directory. This role cannot be assigned to persons; it is used only for this purpose. For the batch synchronization to work, the following entry must be set in the system.properties file of the Identity Manager main client: batchSync.permissionRole=BaseRoleBatchSync | Identity Manager Admin: No; Identity Manager: No | BaseRoleBatchSync |
Pre-login user | This role has the permission to execute a process before login, for example, to reset a password. | Identity Manager Admin: No; Identity Manager: No | BaseRolePreloginUser |
Data administrator | Creates and manages variables for two data pools in Identity Manager | Identity Manager Admin: No; Identity Manager: No | BaseRoleDataAdministrator |