Skip to main content
Skip table of contents

Configuring Device Issuance Policy

The device issuance options allow you to specify how the device will be programmed. You can also configure FIDO enabled security keys, OTP issuance, and derived credentials.

Within this section, you can specify the credential management system that programs the card, the policy that should be utilized for initial issuance, replacement policies, as well as customized data for PACS and biometric verification.

Prerequisites

  • Required Permissions: System Manager Role Definitions

  • Required Software: The IDMS must be connected the to the HID Credential Management System.

Device Issuance Setting Descriptions

  • CMS Server Key: DNS address of the HID CMS server.

  • CMS Card Policy: The HID CMS Device Policy that will be used when programming the card.

  • CMS Card Replacement Policy: The HID CMS Device Policy that will be used when issuing a replacement card.

  • CMS Card Default Replacement Reason: This is the default reason to be used when creating a replacement.

  • Card Validity: The number of years the device will be valid for.

  • FASCN Settings:

    • Agency Code: The agency code that will be programmed into the FASCN.

    • System Code: The system code that will be programmed into the FASCN.

  • Verify Applicant Fingerprint: Whether the applicant should perform a fingerprint verification before the device is issued to them.

How Configure the Device Issuance Policy

Item

Procedure

Example

1

Click Administration and select Credential Types.

image-20260409-151353.png

2

Select a Credential Policy and press the corresponding gear button. Press Configure Policy.

image-20260409-151339.png

3

Select the Device Issuance Section.

image-20260409-151516.png

4

Enter the CMS Server Key. This is the DNS of the HID CMS server.

For example, if the CMS address is https://id.cyberarmed.com/aims/enterprise/operator, enter id.cyberarmed.com in the CMS server key field.

image-20260409-152618.png

5

Enter the CMS Card Policy.

6

Enter the CMS Card Replacement Policy.

7

Select CMS Replacement Reason from dropdown: none, forgotten, damaged, expired, lost, or stolen.

image-20260409-161816.png

8

Enter the Card Validity. This is the number of years the card will be valid.

9

Enter FASCN settings, including the Agency Code and System Code vales.

10

Select Yes or No using drop down for Verify Applicant Fingerprint.

11

Once complete, scroll to the bottom and press the Save Changes button.

Enabling Additional Device Types

The IDMS can also facilitate the issuance of OTP, FIDO Security Keys, and Derived credentials.

Item

Procedure

Example

1

Under the Credential Policy configurations, select the Device Issuance tab. (reference steps 1-3 from prior section)

2

Locate the Permitted Device Types sub-section.

3

For the following selections, enter Yes or No depending on whether the device should be enabled:

  • Security Key

  • OTP

  • Entra ID TAP

  • HID Mobile Credential

image-20260409-153406.png

4

Press the Save Changes button when complete.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close