Create configuration

  1. Click Administration in the top menu to open the Administration window.

  2. Under Tasks, click Manage, and then select the function.

Available tasks

All new configurations are created from Manage by selecting the specific configuration you wish to create. The available functions are:

Function Description

Acquis – Create

Create a new acquis for officers to be used with a certificate template.

Bootstrap

Use the bootstrap feature to start the configuration of a new installation to make initial configurations and to remove start-up tokens and configurations.

Certificate Authority - Create

Create a new Certificate Authority for logging only and/or for issuing of certificates

Certificate template - Create

Create a new certificate template with correlation to a certificate template in the CA with specific modifications

Configuration order - Create

Create an order of a configuration change that is sent to a central administrator for implementation.

Configurations - Export

Possible to export configuration in GZ format.

Directory service - Create

Create a new directory service connector to your Active Directory or other directory service for user synchronization

E-mail service - Create

Create a new e-mail service for information that will be sent to end users or administrators

License - Export

Under Development, not used in this version

License - Generate

Under Development, not used in this version

License – Generate client license

Under Development, not used in this version

License – Import

Under Development, not used in this version

License - Upload

Under Development, not used in this version

National register - Create

Create a new connector to a national service, for example the Navet service, with information regarding citizens

Office - Create

Create a new office for current organization

Office address - Create

Create a new office address for correlation with office name

Organization - Create

Create a new organization.

Report - Create

Create a new report that will be shown in the reports tab

Role - Create

Create a new user role for correlation with a user group

SMS service - Create

Create a new SMS service for information that will be sent to end users or administrators

Token manufacturer - Create

Create a new token manufacturer to be able to send and receive information for external card production

Token profile - Create

Create a new token profile, for example a new type of smart card or USB token

Token template - Create

Create a new token template such as smart card, USB token or soft token with specific modifications

User group - Create

Create a new user group for correlation with user role

Whitelist – Create rule

Create a new rule in a whitelist for a specific certificate template for function certificates.

Acquis — Create

Acquis is used to force officers to accept the processes regarding the management of a specific certificate. The acquis has to be approved by the officer for him/her to be able to issue a certificate via the specific certificate template or a token using the certificate template.

Information Description

Certificate template

Certificate template that acquis will be submitted for

Validity period

Validity Period of the Acquis

Acquis

Acquis text; PDF or text

Bootstrap

The bootstrap feature will only be used when installing a new NiP system and will be described under section 6 First time set-up in a future version of the document.

Certificate Authority — Create

Create a new Certificate Authority for logging only and/or for issuing of certificates.

The configuration fields available are listed in the table below, mandatory fields are marked with asterisk (*):

Information Description

Name*

Name of the CA server service

Server*

DNS name or IP of the CA server

CA service*

Manufacturer of CA service

Enrollment type*

Type of the CA service

KeyID

KeyID from the CA certificate that will be used for logging on to the service. Only necessary if the certificates issued by this CA should be used for logging on to NiP.

SignatureCertificateHash

Certificate thumbprint used for CMC enrollment against MSCA.

OCSP

Static URL for revocation control via OCSP

CRL

Static URL for revocation control via CRL

Credential domain name

Domain for impersonated account when connecting to external CA.

Credential user name

User name for impersonated account when connecting to external CA.

Credential password

Password for impersonated account when connecting to external CA.

Certificate

Certificate for the CA service (Base64 encoded)

Additional info

Custom CA parameters for NiP, XML formatted.

See document “Net iD Portal – XML configurations, examples” for more information.

Certificate template — Create

Create new certificate template with correlation to certificate template in CA with your specific modifications

The configuration fields available are listed in the table below, mandatory fields are marked with asterisk (*):

Information Description

Certificate Authority*

Name of the certificate authority the certificate template will use to issue certificates.

Name*

Name of the certificate template

Description

Detailed description of the certificate template

Type*

Type: Additional, Client, Server

Configuration visible

Possible to show or hide the certificate template in the Officer’s GUI

CA Service: Certificate template name*

Name of the certificate template in the Certificate Authority

CA Service: Certificate profile name

Certificate profile name (EJBCA CA Only)

CA Service: End entity name

End entity name (EJBCA CA Only)

Validity key*

Validity of certificate: Days, Hours, Minutes, Months, Seconds, Weeks, Years

Validity value*

The value of the validity in relation to "Validity key" chosen

Asymmetric key algorithm*

Key algorithm: DSA, ECDH, ECDSA, RSA

Hash algorithm*

Hash algorithm: SHA1, SHA256, SHA384, SHA512

Key parameter*

Key parameter: Default ’0x800’

Key usage*

Key usage, should be inserted as hex code; example ‘0xA0’ for Identification

Extended key usage

Extended key usage

SubjectName: Common name (CN)*

SubjectName Common name

SubjectName: Given name (GN)

SubjectName Given name

SubjectName: Surname (SN)

SubjectName Surname

SubjectName: Organizational Unit name (OU)

SubjectName Organizational Unit

SubjectName: Organization name (O)

SubjectName Organization name

SubjectName: Serial number

SubjectName Serial number

SubjectName: Email address (E)

SubjectName Email address

SubjectName: Title

SubjectName Title

SubjectName: Locality (L)

SubjectName Locality

SubjectName: State/Province (ST)

SubjectName State/Province

SubjectName: Initials

SubjectName Initials

SubjectName: Street address

SubjectName Street address

SubjectName: Country (C)

SubjectName Country

SubjectName: Unstructured name

SubjectName Unstructured name

SubjectName: Unstructured address

SubjectName Unstructured address

SubjectAltName other name: msUPN (UserPrincipalName)

SubjectAltName other name user principal name (UPN)

SubjectAltName: Email address (rfc822Name)

SubjectAltName Email address according to RFC822

SubjectAltName: DNS (dNSName)

SubjectAltName DNS

SubjectAltName: Directory name

SubjectAltName Directory name

SubjectAltName: URI: URL (uniformResourceIdentifier: url)

SubjectAltName URI

SubjectAltName: IP address

SubjectAltName IP address

SubjectAltName other name: GUID

SubjectAltName other name GUID

SubjectAltName other Name: Object identifier (OID)

SubjectAltName other Name Object identifier (OID)

SEIS kortserienummer

SEIS smart card serial number

QC Statements: QcCompliance

QcCompliance Statements

QC Statements: QcEuLimitValue – Amount

QcEuLimitValue

QC Statements: QcEuLimitValue - Iso4217CurrencyCode

QcEuLimitValue ISO 4217 currency code

QC Statements: QcSSCD

QcSSCD Statements

Additional Info

Custom Certificate Template parameters for NiP, XML formatted

See document “Net iD Portal – XML configurations, examples” for more information

Additional task info

Custom Certificate Template parameters for NiP, XML formatted
(only used for web server certificates).

See document “Net iD Portal – XML configurations, examples” for more information.
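A pre-deployment check of the template's cryptographic fields, added here as an example (it is not SecMaker code). It assumes that Key usage is the first octet of the X.509 KeyUsage bit string, so that 0xA0 means digitalSignature plus keyEncipherment, and that Key parameter is the key size in bits (0x800 = 2048); the class and function names are hypothetical.

```python
"""Added example: lint the crypto fields of a certificate template."""
from dataclasses import dataclass
from typing import List

# X.509 KeyUsage bits as they appear in the first octet (bit 0 = 0x80).
# Assumption: the portal's "Key usage" hex code uses this encoding.
KEY_USAGE_BITS = {
    0x80: "digitalSignature",
    0x40: "nonRepudiation",
    0x20: "keyEncipherment",
    0x10: "dataEncipherment",
    0x08: "keyAgreement",
    0x04: "keyCertSign",
    0x02: "cRLSign",
    0x01: "encipherOnly",
}

# Values offered by the template form.
ALLOWED_TYPES = {"Additional", "Client", "Server"}
ALLOWED_KEY_ALGS = {"DSA", "ECDH", "ECDSA", "RSA"}
ALLOWED_HASHES = {"SHA1", "SHA256", "SHA384", "SHA512"}


@dataclass
class TemplateFields:
    """Hypothetical container for the fields reviewed here."""
    name: str
    type: str
    key_algorithm: str
    hash_algorithm: str
    key_parameter: str  # hex string, e.g. "0x800"
    key_usage: str      # hex string, e.g. "0xA0"


def decode_key_usage(hex_value: str) -> List[str]:
    """Return the KeyUsage names set in a one-octet hex code."""
    value = int(hex_value, 16)
    if not 0 < value <= 0xFF:
        raise ValueError(f"key usage {hex_value!r} is not a non-zero single octet")
    return [name for bit, name in KEY_USAGE_BITS.items() if value & bit]


def lint_template(t: TemplateFields) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    if t.type not in ALLOWED_TYPES:
        findings.append(f"unknown template type {t.type!r}")
    if t.key_algorithm not in ALLOWED_KEY_ALGS:
        findings.append(f"unknown key algorithm {t.key_algorithm!r}")
    if t.hash_algorithm not in ALLOWED_HASHES:
        findings.append(f"unknown hash algorithm {t.hash_algorithm!r}")
    elif t.hash_algorithm == "SHA1":
        findings.append("SHA1 is not collision resistant; use SHA256 or stronger")

    try:
        bits = int(t.key_parameter, 16)
    except ValueError:
        findings.append(f"key parameter {t.key_parameter!r} is not a hex number")
    else:
        # Assumption: for RSA and DSA the key parameter is the modulus size in bits.
        if t.key_algorithm in ("RSA", "DSA") and bits < 2048:
            findings.append(f"{t.key_algorithm} key of {bits} bits is below 2048")

    try:
        usages = decode_key_usage(t.key_usage)
    except ValueError as exc:
        findings.append(str(exc))
    else:
        ca_bits = sorted({"keyCertSign", "cRLSign"} & set(usages))
        if t.type in ("Client", "Server") and ca_bits:
            findings.append("end-entity template grants CA usages: " + ", ".join(ca_bits))
        if t.key_algorithm in ("DSA", "ECDSA") and "keyEncipherment" in usages:
            findings.append("keyEncipherment has no meaning for a signature-only key")
    return findings


if __name__ == "__main__":
    # Constructed sample templates, not taken from a real installation.
    samples = [
        TemplateFields("user-id", "Client", "RSA", "SHA256", "0x800", "0xA0"),
        TemplateFields("legacy-web", "Server", "RSA", "SHA1", "0x400", "0x86"),
    ]
    for sample in samples:
        print(sample.name, decode_key_usage(sample.key_usage))
        for finding in lint_template(sample) or ["no findings"]:
            print("  -", finding)
```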

Configuration order — Create

Not included by default, needs to be configured to be used.

Create a configuration order related to a whitelist rule or other configuration related to a certificate template.

Possible for a user with ConfigurationOrder privilege to make a configuration request and send it to a central administrator.

Choose the certificate template that the request concerns and write information regarding what configurations you would like to add or change.

Configurations — Export

Creates a gzip (.gz) file with exported configuration information.

This file contains no sensitive information and support staff at SecMaker may ask for a configuration export to be done during support cases.

Directory service — Create

Create new directory service connector to your Active Directory for user synchronization

The configuration fields available are listed in the table below:

Information Description

Type

MSAD, MSADFS, MSADLDS

Server

Name or IP of the AD server or other directory server

Credential user name

Possibility to impersonate user account when connecting to directory services

Credential password

Password for impersonated user account against directory services.

E-mail service — Create

Create new e-mail service for information to be sent to end users or administrators.

The configuration fields available are listed in the table below, mandatory fields are marked with asterisk (*):

Information Description

Name*

Name of the template

Server*

Name or IP of the e-mail server

Port

Port to be used

RequireSsl*

Should SSL be used, False or True

Address*

Sender address, example: ‘netidportal@company.com’

Display name*

Display name of the sender, example: ‘Net iD Portal Info’

Subject*

Subject in the e-mail

Credential user name

Username to the e-mail server

Credential password

Password to the e-mail server

Generic text — Create

Create a generic text for a specific functionality. The text resource is shared across all organizations. It is either a notification (sent through e-mail or SMS), Terms for a Token/End Entity or a Receipt (HTML formatted).

Information Description

Text type

Specify the type of text resource (e.g. Notification, Receipt, Terms)

Notification service

If the text type is a Notification select “SMTP” or “SMS” as notification service, otherwise select “Application”.

Task type

If applicable, select the appropriate task type.

Text

The actual text to be displayed or sent.

License — Export

Licensing functionality under development

License — Generate

Licensing functionality under development

License — Generate client license

Licensing functionality under development

License — Import

Licensing functionality under development

License — Upload

Licensing functionality under development

National register — Create

Create new connector to databases with information regarding citizens. For example Navet and SPAR.

Table 1. National register — Create configuration fields
Information Description

Type

Specify what type of National service (HSA, RIV, Navet, SPAR)

Name

Name of the service

Service

URL to the service

Certificate Hash

Thumbprint of certificate that will be used to get access to the service

Customer ID

Customer ID

Order ID

Order ID

HSA-id

HSA-id

HSA Search Base Users

HSA Search Base for users

HSA Search Base EndEntity

HSA Search Base for functions

Priority

On/Off. Configuration to decide whether a connection to the HSA service is an “absolute connection” or not (only when a connection to IneraHSA service is used)

Office — Create

Create new office for current organization.

The configuration fields available are listed in the table below:

Information Description

Name

Name of the office

Additional Info

Custom Office settings for NiP, XML formatted.

See document “Net iD Portal – XML configurations, examples” for more information.

Office address — Create

Create new office address for correlation with office name.

The configuration fields available are listed in the table below:

Information Description

Office

Office

Address

Office address - street address

Zip code

Office address - zip code

City

Office address - city

Organization — Create

Create new organization for current portal installation.

The configuration fields available are listed in the table below, mandatory fields are marked with asterisk (*):

Information Description

Name*

Organization name

Organizational number*

Organizational number

Domain Suffix*

Organization domain suffix

Domain Suffix white list

Organization domain suffix white list for server certificates

Permissions

Permissions to other organizations

Meditation task - Address

"Förmedlingsuppdrag" address - street address, used for persons with secret address

Meditation task - Zip code

"Förmedlingsuppdrag" address - zip code, used for persons with secret address

Meditation task - City

"Förmedlingsuppdrag" address - city, used for persons with secret address

Certificate Hash

Thumbprint of certificate for organization encryption of communication

Certificate

Certificate for organization, base64 encoded

Certificate identity source*

Matching of logon certificate for user unique name: SubjectDistinguishedName, SubjectSerialNumber, UserPrincipalName

Additional info

Additional info, custom settings for the Organization; XML formatted.

See document “Net iD Portal – XML configurations, examples” for more information

Additional data

Additional data, other information regarding the Organization; XML formatted.

See document “Net iD Portal – XML configurations, examples” for more information

Additional task info

Additional task info, dynamic task configurations; XML formatted.

See document “Net iD Portal – XML configurations, examples” for more information

Some configurations are not available until the Organization has been created and the configurations are edited.
These are:

Information Description

Custom|AdditionalInfo|Theme|Style

Configuration of theme colors for the menu bar.

Custom|AdditionalInfo|Image|Id,Custom|AdditionalData|Image|Id

GUID for logotype shown in menu bar. Configuration will automatically change the corresponding config in AdditionalInfo. The syntax is:
base color scheme | background color | text color | border color ; tab color ; underline color for current tab ; color for number of tasks

Custom|AdditionalData|Image|Data

Logotype file for logotype shown in menu bar (jpg, png or tif).

Custom|Test

Configuration to activate a preview of the customization done to the menu bar or not.

Additional configurations for menu bar:

Report — Create

Create new report query that will be shown in the reports tab.

The configuration fields available are listed in the table below:

Information Description

Name

Name of report

Description

Detailed description of report

Query

SQL query that should be executed. Must begin with "Select" or “USE NiPDB_log;”

Role — Create

Create new user role with certain privileges for correlation with a user group.

Available officer privileges are listed in the table below:

ID Name Description

1

UserView

View user post

2

UserAdd

Add user post

3

UserEdit

Edit existing user post

4

UserDelete

Delete existing user post

5

UserSearch

Search for users in NiP database

10

DirectoryUserSearch

Search for users in directory service

11

TokenView

View user token

12

TokenAdd

Add token

13

TokenEdit

Edit existing token

14

TokenDelete

Delete existing token

15

TokenSearch

Search for tokens in database

16

ActiveUserListView

View users currently logged on to the service

17

NationalRegisterNavetPersonSearch

"Navet" search for user

18

NationalRegisterNavetPersonListSearch

"Navet" search for user list

19

OrganizationDelegation

Change organization

20

CertificateSearch

Search for existing user certificates

21

CertificateRevoke

Revoke existing user certificates

22

CertificateView

View existing user certificates

23

UserSynchronize

Synchronize existing user information with directory service

24

LogSearch

Search for log events in audit log

25

LogView

View the audit log functionality

26

TokenReceipt

Create and view receipts for tokens

27

ReportView

View the report functionality

31

UserEnroll

Enroll token for existing user

32

TokenRevoke

Revoke token for existing user

33

TokenUnlock

Unlock token for existing user

34

OrderTokenPersonalized

Order personalized token from card manufacturer for existing user

35

OrderTokenPersonalizedBatch

Order batch of personalized tokens from card manufacturer

36

OrderTokenTemporary

Order temporary tokens from card manufacturer

37

OrderTokenTemporaryBatch

Order a batch of temporary tokens from a card manufacturer

38

OrderTokenCodeLetter

Order a code letter with security codes for an existing token from a card manufacturer

39

OrderTokenCodeLetterBatch

Order a batch of security code letters for existing tokens from a card manufacturer

40

ServerEnroll

Enroll certificate for a server

41

ServerRevoke

Revoke an existing server certificate

50

SelfView

View selfservice functionality

51

GenerateOneTimePassword

Generate a OneTimePassword for a user

52

UserAddSequenceNumber

Create a user with a sequence number, starting with 15, as serial number instead of a personal number.

53

DistributeTokenOrder

Distribute/hand over a token to the end user before it gets activated in NiP

54

UserGroupAssignment

Give the user a specific officer role in service

55

UserEnrollLtd

Enroll a temporary token for an existing user

56

UserEnrollSoft

Enroll a soft token for existing user

57

UserEnrollSoftLtd

Enroll a temporary soft token for existing user

58

UserEnrollAdditional

Enroll an additional token for existing user

59

TokenRenew

Renew an existing user token

60

UserAddExternal

Add user post with information taken from external source like LDAP directory or national directory

61

TokenUnlockDisplay

View personal unblocking code on screen for existing token

62

TokenUnlockChallenge

Unblock token using challenge/response with delivery of key to mail or sms

63

TokenUnlockChallengeDisplay

Unblock token using challenge/response on screen

64

AdminView

View administrative area of service

66

TokenRevokeCertificate

Revoke certificate on existing token

67

UserImageUpload

Upload user image for existing user

68

UserSignatureImageUpload

Upload user signature image for existing user

69

CancelTask

Cancel ongoing task

70

ReleaseTask

Release ongoing task

71

UserEnrollAdditionalSelf

Enroll additional certificates for a user's existing token via selfservice

72

CreateUserAlias

Create a local user in the Net iD Portal database and bind it as an alias to a primary account. Depending on how Net iD Portal is configured, the alias account is added to the card:

  • Automatically

  • Manually by officer

  • Manually by user

73

CreateTokenInit

Initialize new token

74

ServerView

View server area of service

75

ServerAdd

Add server post for certificate enrollment

76

ServerEdit

Edit existing server post for certificate enrollment

77

ServerDelete

Delete existing server post

78

ServerSearch

Search for existing servers and certificates

79

BindUserAlias

Create a binding between the user’s primary account and secondary account, the alias account. Both primary and secondary account can be local accounts in Net iD Portal, or fetched from an external source such as an AD. Depending on how Net iD Portal is configured, the alias account is added to the card:

  • Automatically

  • Manually by officer

  • Manually by user

80

CancelTaskExternal

Cancel ongoing external task, should be used with caution

81

AccessibleOrganizationSearch

Search in other configurations if configured

82

CreateTokenBatch

Create a batch of tokens for the manufacturer

83

UserModeSecrecy

Manage users marked with “Secrecy” in National registers.

84

TokenTerms

View user terms for a specific token

85

UserRestriction

Override the user group restriction structure

86

ImportCertificate

Import certificates from 3rd party Certificate Authority

87

AdditionalIdentities

View AdditionalIdentities on function (EndEntity) objects

88

AssignOffice

Assign an Office to a user

89

EndEntityView

View function (EndEntity) Posts

90

EndEntitySearch

Search for existing functions (EndEntities)

91

EndEntityAdd

Add function (EndEntity) posts for certificate enrollment

92

EndEntityEdit

Edit existing function (EndEntity) post

93

EndEntityDelete

Delete existing function (EndEntity) Post

94

EndEntityChangeStatus

Change status of function (EndEntity)

95

EndEntityEnrollInternal

Enroll internal function (EndEntity) certificate

96

EndEntityEnrollExternal

Enroll external function (EndEntity) certificate

97

EndEntityRevoke

Revoke function (EndEntity)

98

EndEntityRevokeCertificate

Revoke function (EndEntity) certificate

99

UserDisable

Disable a user

100

EndEntitySynchronize

Synchronize functions (EndEntity) to a web service, for example HSA service.

101

OrderUserImage

Order user image from SCS

102

UserEnrollPhone

Enroll a token to a mobile phone

103

UserEnrollPhoneLtd

Enroll a temporary token to a mobile phone

104

UserEnrollTablet

Enroll a token to a tablet

105

UserEnrollTabletLtd

Enroll a temporary token to a tablet

106

RecoverCertificate

Imports certificate and token for a token already connected to a user.

107

RecoverCertificateToken

Personalizes a card and imports certificate and token on the card.

108

RecoverCertificateTokenSoft

Personalizes a soft token and imports certificate and token on the soft token.

109

CancelTaskPretermit

Possible to cancel task that is locked to another user.

110

PersonalInformation

Get a user’s personal information (given name, surname, serial number, phone, email, unit number(s), extract of card register, extract of logs).

111

AdditionalOrderInformation

Get information in Token.AdditionalInfo.

112

ServerAddExternal

Import external server certificates not issued by Net iD Portal.

113

DirectoryUserSearchPretermit

Use an alternative LDAP filter.

114

DeleteUserAliasBinding

Delete alias binding between the user’s primary account and any other linked user account. This does not delete any of the accounts.

Available administrator privileges are listed in the table below:

ID Admin privilege Name Description

50001

TraceServerManager

Trace server manager (not in use)

100000

OrganizationView

View existing organization

100001

OrganizationAdd

Add organization

100002

OrganizationEdit

Edit existing organization

100003

OrganizationDelete

Delete existing organization

100004

OfficeView

View existing organization office

100005

OfficeAdd

Add new organization office

100006

OfficeEdit

Edit existing organization office

100007

OfficeDelete

Delete existing organization office

100008

OfficeAddressView

View existing organization office address

100009

OfficeAddressAdd

Add new organization office address

100010

OfficeAddressEdit

Edit existing organization office address

100011

OfficeAddressDelete

Delete existing organization office address

100012

TokenTemplateView

View existing token templates (e.g. smart card configuration)

100013

TokenTemplateAdd

Add new token template

100014

TokenTemplateEdit

Edit existing token template

100015

TokenTemplateDelete

Delete existing token template

100016

UserGroupView

View existing user group

100017

UserGroupAdd

Add new user group

100018

UserGroupEdit

Edit existing user group

100019

UserGroupDelete

Delete existing user group

100020

RoleView

View existing user role

100021

RoleAdd

Add new user role

100022

RoleEdit

Edit existing user role

100023

RoleDelete

Delete existing user role

100024

TokenProfileView

View existing token profile (e.g. smart card profile)

100025

TokenProfileAdd

Add new token profile

100026

TokenProfileEdit

Edit existing token profile

100027

TokenProfileDelete

Delete existing token profile

100028

ReportAdd

Add new report template (e.g. SQL query for reports)

100029

ReportEdit

Edit existing report template

100030

ReportDelete

Delete existing report template

100031

TokenManufacturerView

View existing token manufacturer (e.g. configuration for 3rd party token manufacturer)

100032

TokenManufacturerAdd

Add token manufacturer

100033

TokenManufacturerEdit

Edit existing token manufacturer

100034

TokenManufacturerDelete

Delete existing token manufacturer

100035

SmtpTemplateView

View existing SMTP server template

100036

SmtpTemplateAdd

Add SMTP server template

100037

SmtpTemplateEdit

Edit existing SMTP server template

100038

SmtpTemplateDelete

Delete existing SMTP server template

100039

SmsTemplateView

View existing SMS server template

100040

SmsTemplateAdd

Add SMS server template

100041

SmsTemplateEdit

Edit existing SMS server template

100042

SmsTemplateDelete

Delete existing SMS server template

100043

NationalRegisterView

View existing "NAVET" configuration

100044

NationalRegisterAdd

Add "NAVET" configuration

100045

NationalRegisterEdit

Edit existing "NAVET" configuration

100046

NationalRegisterDelete

Delete existing "NAVET" configuration

100047

DirectoryServiceView

View existing directory service (ActiveDirectory)

100048

DirectoryServiceAdd

Add new directory service

100049

DirectoryServiceEdit

Edit existing directory service

100050

DirectoryServiceDelete

Delete existing directory service

100051

CertificateAuthorityView

View existing certificate authority

100052

CertificateAuthorityAdd

Add certificate authority

100053

CertificateAuthorityEdit

Edit existing certificate authority

100054

CertificateAuthorityDelete

Delete existing certificate authority

100055

CertificateTemplateView

View existing certificate template

100056

CertificateTemplateAdd

Add certificate template

100057

CertificateTemplateEdit

Edit existing certificate template

100058

CertificateTemplateDelete

Delete existing certificate template

100059

SettingsView

View settings

100060

SettingsEdit

Edit settings

100061

GenerateLicense

Generate license (Under development)

100062

UploadLicense

Upload license (Under development)

100063

ExportLicense

Export license (Under development)

100064

ImportLicense

Import license (Under development)

100065

GenerateClientLicense

Generate Client license (Under development)

100066

ExportConfiguration

Export configuration settings of the product.

100067

ManageAdminPrivileges

Manage admin privileges

100068

FinalizeSetup

Finalize bootstrap process

100069

AcquisView

View existing Acquis

100070

AcquisAdd

Add Acquis

100071

AcquisDelete

Delete existing Acquis

100072

CertificateWhitelistView

View existing certificate template whitelists

100073

CertificateWhitelistAdd

Add certificate template whitelist rules

100074

CertificateWhitelistEdit

Edit existing certificate template whitelist rules

100075

CertificateWhitelistDelete

Delete existing certificate whitelist rules

100076

CertificateWhitelistApprovalView

View certificate template whitelist approvals

100077

GenericTextView

View existing generic texts for notifications and other texts

100078

GenericTextAdd

Add generic texts for notifications and other texts

100079

GenericTextEdit

Edit existing generic texts for notifications and other texts

100080

GenericTextDelete

Delete existing generic texts for notifications and other texts

100081

UserGroupRestrictionView

View existing user group restrictions

100082

UserGroupRestrictionAdd

Add user group restrictions

100083

UserGroupRestrictionEdit

Edit existing user group restrictions

100084

UserGroupRestrictionDelete

Delete existing user group restrictions

1000004

CreateWhiteListOrder

Create whitelist order

SMS template — Create

Create new SMS template for correspondence with information to the end user or administrator.

The configuration fields available are listed in the table below:

Information Description

Name

Name of SMS service

Server

Name or IP of the SMS service

Credential user name

Username for the SMS service

Credential password

Password for the SMS service

Token manufacturer — Create

Create new token manufacturer to be able to communicate with external card vendor.

The configuration fields available are listed in the table below:

Information Description

Name

Name of manufacturer (predefined)

Customer reference

Customer reference number at card manufacturer

Additional Info

Additional Info (predefined)

Token profile — Create

Create a new token profile to add a new token, for example a smart card or USB token.

The configuration fields available are listed in the table below:

Information Description

Token label

Token label

Model

Model

Data

Additional Data for the Token Profile; XML formatted.

See document “Net iD Portal – XML configurations, examples” for more information

Additional task info

Additional task info, dynamic task configurations; XML formatted.

See document “Net iD Portal – XML configurations, examples” for more information

Token template — Create

Create new token template such as smart card, USB token or soft token with your specific modifications.

The configuration fields available are listed in the table below, mandatory fields are marked with asterisk (*):

Information Description

Name*

Name of token template

Type*

Type of token template: SmartCardLtd, SmartCardLtdExt, SmartCardStd, SmartCardStdExt, SoftTokenLtd, SoftTokenStd, PhoneLtd, PhoneStd, TabletLtd, TabletStd

Description

Possible to describe the purpose of the token template

Configuration visible

On/Off, possible to show or hide token templates for officers. If it is hidden it will not show up as an option in the enrollment flow.

Certificate template*

List of available certificate templates

Validity - Min value, key*

Validity Minimum value: Days, Hours, Minutes, Months, Seconds, Weeks, Years

Validity - Min value*

In relation to above, value of validity

Validity - Default value, key*

Validity default value: Days, Hours, Minutes, Months, Seconds, Weeks, Years

Validity - Default value*

In relation to above, value of validity

Validity - Max value, key*

Validity maximum value: Days, Hours, Minutes, Months, Seconds, Weeks, Years

Validity - Max value*

In relation to above, value of validity

Token Manufacturer ID

Name/ID of existing token manufacturer created in "Token manufacturer"

Manufacturer’s Product ID

Name/Product ID at token manufacturer

Manufacturer’s Product description

Detailed description of token

Additional info

Additional information for the Token Template; XML formatted.

See document “Net iD Portal – XML configurations, examples” for more information

Additional task info

Additional task info, dynamic task configurations; XML formatted.

See document “Net iD Portal – XML configurations, examples” for more information

User group — Create

Create a new user group for correlation with a user role.

The configuration fields available are listed in the table below:

Information Description

Name

Name of user group

Roles

Relation to existing role created under "Roles"

User group restriction — Create

Possible to restrict user group delegation for each user group.

Configure which user groups can be assigned for the specific group.

Information Description

User group

Available user groups

User group restrictions

Available user groups

Whitelist — Create rule

Create a new rule for a certificate template whitelist used with functions (EndEntities) and function certificates.

The configuration fields available for a whitelist rule are listed in the table below:

Information Description

Certificate template

Certificate template that the rule will apply for

Common name

Allowed common name of certificates. May include wildcard “*”, please be careful when using wildcards in rules.

Organization name

Organization name of rule (Will be added to O attribute in certificate)

Organizational number

Organizational number of organization in rule (Will be added to SERIALNUMBER attribute in certificate)

Locality

Locality of organization in rule (Will be added to L attribute in certificate)

Country

Country of organization in rule (Will be added to C attribute in certificate)

Validity period

Validity period of rule, when validity period is exceeded, the whitelist will be inactive

Evidence

Optional evidence regarding controls that may be necessary for all or parts of the information in rules, for example that the organization is owner of the domain name (common name).

Comments

Optional comments to the evidence and other actions related to a rule.
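A review aid for the wildcard caution above, added here as an example (it is not SecMaker code and does not reproduce how the portal matches names). It assumes the common name is a DNS host name and that the reviewer supplies the domain suffixes the organization is allowed to use, for example from the organization's Domain Suffix white list; all class, function and finding names are hypothetical.

```python
"""Added example: flag over-broad or stale whitelist rules before approval."""
from dataclasses import dataclass
from datetime import date
from typing import List

MESSAGES = {
    "EXPIRED": "validity period has passed, so the rule is inactive",
    "BARE_WILDCARD": "'*' alone allows every common name",
    "WILDCARD_NOT_LEFTMOST": "wildcard appears outside the leftmost label",
    "PARTIAL_LABEL": "wildcard is mixed with text inside a label",
    "TOO_BROAD": "fewer than two fixed labels follow the wildcard",
    "OUTSIDE_SUFFIX": "fixed part of the name is not under an allowed suffix",
}


@dataclass
class WhitelistRule:
    """Hypothetical subset of the rule fields that the lint needs."""
    certificate_template: str
    common_name: str   # may contain "*"
    valid_until: date  # last day of the rule's validity period


def fixed_tail(labels: List[str]) -> List[str]:
    """Labels to the right of the last label that contains a wildcard."""
    last = max((i for i, label in enumerate(labels) if "*" in label), default=-1)
    return labels[last + 1:]


def under_suffix(name: str, suffixes: List[str]) -> bool:
    """Dot-anchored suffix test, so 'evilexample.se' is not under 'example.se'."""
    for suffix in suffixes:
        suffix = suffix.lower().strip(".")
        if name == suffix or name.endswith("." + suffix):
            return True
    return False


def lint_rule(rule: WhitelistRule, allowed_suffixes: List[str], today: date) -> List[str]:
    """Return finding codes (keys of MESSAGES); an empty list means no finding."""
    findings = []
    cn = rule.common_name.strip().lower().rstrip(".")
    labels = cn.split(".")
    tail = fixed_tail(labels)

    if rule.valid_until < today:
        findings.append("EXPIRED")
    if cn == "*":
        findings.append("BARE_WILDCARD")
    elif "*" in cn:
        if any("*" in label for label in labels[1:]):
            findings.append("WILDCARD_NOT_LEFTMOST")
        if any("*" in label and label != "*" for label in labels):
            findings.append("PARTIAL_LABEL")
        if len(tail) < 2:
            findings.append("TOO_BROAD")
    if not under_suffix(".".join(tail), allowed_suffixes):
        findings.append("OUTSIDE_SUFFIX")
    return findings


if __name__ == "__main__":
    # Constructed sample rules and suffix list, not taken from a real installation.
    today = date(2024, 1, 1)
    suffixes = ["example.se"]
    rules = [
        WhitelistRule("Server", "*.example.se", date(2025, 1, 1)),
        WhitelistRule("Server", "*", date(2025, 1, 1)),
        WhitelistRule("Server", "srv.evilexample.se", date(2025, 1, 1)),
        WhitelistRule("Server", "*.se", date(2023, 6, 30)),
    ]
    for rule in rules:
        codes = lint_rule(rule, suffixes, today)
        print(rule.common_name, "->", codes or "ok")
        for code in codes:
            print("   ", MESSAGES[code])
```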