As an organisation starts to rely on strong authentication for user access, it is vital that the system used to manage these credentials can scale and provide the high levels of reliability required to ensure ongoing user access.
A CMS must be capable of managing credentials for large and often distributed populations. This involves storing data on multiple users, devices and credentials, and dealing with multiple lifecycle events simultaneously (e.g. card issuance, unlock, update).
However, there is more to the ability to scale than technical capabilities alone. It is important that a CMS can work within the desired business processes and organisational structure, supporting delegated operations and providing efficient lifecycle processes such as batch issuance and self-service.
CMS technical scalability requirements:
- The CMS should be capable of being deployed across multiple servers for load-balancing, providing resilience and throughput, supporting multiple concurrent operations and users
- Additional servers should be capable of being added as required without affecting the existing core operations
- A CMS should support high-volume issuance models, e.g. integration with leading bureau providers for large-scale issuance, and batch issuance capabilities via desktop smart card printers
- The CMS should be deployable on disaster recovery environments
- The CMS should support infrastructure peripherals including network HSMs and SSL accelerators
- Request and lifecycle operations should be capable of being driven via APIs, to allow for integration with in-house systems providing automated processes
- The CMS should have been proven in real-world deployments for large volumes
CMS operational scalability requirements:
- Flexible role and group-based access controls should be available to enable delegated operations (e.g. an issuer may only be able to issue cards to applicants in their own department, but could provide help desk services to the entire company)
- A CMS should support batch-based processes allowing multiple credentials to be requested or issued in a single operation
- A CMS should provide extensive self-service capabilities to reduce the number of operators required to support credential deployment and ongoing operations
- A CMS should provide flexible search capabilities to ensure operators can rapidly identify the correct record within large populations
- A CMS should provide an easy-to-use, workflow-driven interface, greatly reducing training requirements and enabling deployment at scale
- Appropriate interfaces should be provided for operators and end users, enabling rapid deployment of capabilities
- The national ID of Kuwait deployed MyID on multiple load-balanced servers to achieve reliable issuance of millions of smart cards and mobile credentials to citizens
- The US TWIC program used MyID’s integration with the IDEMIA smart card personalisation bureau to deliver cards at scale to millions of port workers, reaching a peak of 10,000 cards per day across 160 issuance locations
- The US Department of State use the MyID zero-footprint self-service kiosk to deploy derived PIV credentials to devices in US embassies via a simple self-service process.
MyID is a feature-rich credential management system which enables organisations to manage the digital identities of their employees throughout their employment, easily managing the lifecycle of the credentials from issuance to revocation.
Secure devices such as smart cards, USB tokens, virtual smart cards, smartphones and tablets provide organisations with a convenient form factor to securely store and use digital identities.