MyID CMS v12.18 – smarter identity, simpler operations

Our latest release brings biometric FIDO enrolment, expanded device support, and a completely modernised role management system — all designed to give your organisation greater control and confidence.

From streamlined fingerprint enrolment at the point of passkey registration, to richer lifecycle controls and a fully overhauled role management experience, this release addresses some of the most requested improvements from our customers — while laying stronger architectural foundations for the deployments of tomorrow.

Fingerprint enrolment for FIDO security keys

One of the most friction-heavy moments in any phishing-resistant credential rollout has been the gap between issuing a FIDO security key and getting the user’s biometrics registered. With MyID v12.18, that gap closes.

Fingerprint enrolment now happens directly at the point of passkey registration, giving users a single, streamlined onboarding step rather than a disjointed two-stage process. Once enrolled, users benefit from a faster and more convenient sign-in experience using their fingerprint, while the device PIN remains available as a fallback whenever required.

Compatible devices include the YubiKey Bio Multi-Protocol Edition, YubiKey Bio FIDO Edition, OneSpan DigiPass FX1 Bio, and SafeNet eToken Fusion Bio.

Broader hardware support across leading vendors

MyID v12.18 significantly expands its device ecosystem, with new support added across four major hardware vendors. Most notably, Swissbit devices are now fully supported — a welcome addition for organisations that need to manage PKI, passkeys, and physical access control (PACS) credentials on a single device.

Newly supported devices:

• Swissbit iShield Key 2 FIDO2
• Swissbit iShield Key 2 Pro
• Swissbit iShield Key 2 Pro FIPS
• Swissbit iShield Key 2 Pro Mifare
• OneSpan Digipass FX7
• OneSpan Digipass FX1 Bio
• IDEMIA ID-One Key Bolt
• Thales SafeNet eToken Fusion NFC PIV
• Thales SafeNet eToken Fusion BIO

Richer credential lifecycle management

Credential lifecycle events — cancellations, renewals, device disposals — generate data that organisations rely on for auditing, compliance, and inventory control. In v12.18, MyID CMS gives administrators far greater precision over how those events are recorded and acted upon.

When a credential is cancelled, the system can now enforce immediate or scheduled downstream actions across different certificate types, and send automated notifications to external systems. Cancellation reasons and disposal statuses can now be specified per credential profile, removing ambiguity and preventing incorrect entries during the lifecycle process.

Whether a device was returned, destroyed, or placed back into inventory, MyID ensures its final recorded state is accurate — delivering measurably better audit trails and tighter inventory control.

A completely overhauled role management experience

Role-based access control sits at the heart of how organisations govern who can do what within MyID. In v12.18, the entire configuration and management experience for roles has been rebuilt from the ground up.

The result is a modern, web-based interface that replaces legacy tooling with something considerably more intuitive. Administrators can now control access to advanced API operations, assign operations across multiple roles in fewer steps, and access richer reporting on role configurations.

Alongside the roles overhaul, several additional workflows have been modernised within the MyID Operator Client — including editing and importing groups, certificate authorities, the system status report, and device import.

Simplified server communications for DMZ deployments

For organisations running MyID in split-tier or DMZ configurations, v12.18 removes a longstanding architectural complexity. MyID can now use secure HTTPS and OAuth authentication for communication between web and application servers, retiring the legacy dependency on NTLM and Windows COM+.

The practical benefits are significant: no shared Windows domain accounts, no additional firewall ports to manage, and no proxy installer packages on web servers. All inter-server traffic is encrypted end-to-end, with full compatibility with modern cloud and hybrid infrastructure.

IDEMIA MSO 1300 Series fingerprint reader support

MyID CMS now integrates with the IDEMIA MSO 1300 Series fingerprint readers for biometric verification, supporting both operator-led and self-service workflows. These devices can be deployed across key CMS processes, including Reset Card PIN, PIV Card activation, and user authentication for PIV re-enrolment.

The series offers two models: the MSO 1300 E4, a compact reader for space-conscious environments, and the MSO 1350 E4, which adds an integrated smart card reader for enhanced functionality.

Ready to explore everything in MyID CMS v12.18?

Download the full release notes to get the complete picture — including detailed technical specifications, compatibility information, and guidance on upgrading.