A Credential Management System (CMS) must be flexible enough to meet the credential issuance and management needs of an initial deployment but must also be capable of adapting to changes in requirements over time. A typical example of this required flexibility is the ability to support new credential types (e.g. virtual smart cards or mobile) as they become available.
A second common need is to be able to cope with business process changes as organisations change or acquire new entities. This often results in the need to issue and manage different types of credentials in different ways and it is important that a CMS can deliver this capability with a common interface and set of policy controls.
As the technology involved in strong authentication changes rapidly it is vital that the CMS vendor invests in ongoing roadmap and product updates to ensure the latest standards can be utilised
CMS flexibility requirements:
- The CMS should support multiple strong authentication technologies to enable an organisation to choose the most appropriate type of credential for their particular level of security and role of the employee, e.g. smart cards for office-based employees, virtual smart cards for home-based workers and mobile credentials for contractors
- The CMS should be able to define and enforce different issuance and lifecycle management policies for different types of credentials, e.g. permanent cards with a 3 years lifetime requiring authorisation, temporary replacement cards with a 1-week lifetime capable of being issued by approved office staff
- Creating and changing system policy should be via a product graphical user interface, ideally with role-based access control and supported by a secure audit trail of changes
- Low or zero-code tools should be available to configure the data managed by the CMS, e.g. the ability to import a unique employee Id reference form a third-party system and print it on the card surface
- The CMS should be capable of supporting user data from multiple sources, e.g. LDAP directories, via API from IDMS, manually added via operator and self-service enrolment
- Card layouts should be defined as part of the CMS, enabling multiple designs to be created and combining graphical and electronic card personalisation in a single product
- The CMS should have the capability to notify end users when operations are required, e.g. a certificate requires renewing, ideally the notification should provide a direct link for the user to complete the process
- The CMS should be capable of triggering custom in-house defined processes directly from a CMS operation, e.g. to run a script immediately upon collection of a new credential
- The CMS should support multiple languages and provide tools/guidance on how to translate the product interface into different languages
- The CMS should provide flexible APIs, Enquiries and Reports enabling organisations to analyse and utilise data held within the CMS for management information
CMS future proofing requirements:
- The CMS should be technology independent supporting multiple PKI vendors and device manufacturers enabling technologies to be added or removed with no impact on ongoing business operations
- The CMS vendor should have a proactive roadmap with plans to support newer standards as they become available, e.g. managing PKI, Mobile ID and FIDO credentials
- The CMS vendor should be actively involved in though leadership activities around emerging authentication standards
- Major north american mobile network operator (T-mobile) using MyID to issue both PKI credentials and FIDO keys to Yubikey devices for secure access to on-prem and cloud applications from a range of devices
- Global mining organisation using the MyID mobile authenticator app to digitally authporise transactions initiated by SAP from a mobile device
- Input into the FIPS 201-3 standard
- Presenting at the FIDO Authenticate conference on FIDO for the Enterprise and FIDO for Federal Government.
MyID is a feature rich credential management system which enables organisations to manage the digital identities of their employees throughout their employment. Easily managing the lifecyle of the credentials from issuance to revocation.
Secure devices such as smart cards, USB Tokens, virtual smart card, smartphones and tablets provide organisations with a convenient form factor to securely store and use digital identities.
To find out more, request a MyID demo today.