Issuing Mobile PACS Credential
Overview
This guide provides detailed instructions for issuing mobile credentials using the Identity Management System (IDMS) and the HID Origo Mobile application. The process involves enrolling a new applicant in the IDMS web portal and provisioning their mobile credential to their smartphone.
Purpose
This procedure is used to:
Register new users in the HID IDMS system
Issue mobile credentials for physical access control
Link mobile devices to user identities for secure authentication
System Requirements
Web Portal
Access to IDMS web portal
Valid administrator credentials
Modern web browser
Mobile Device
Smartphone (iPhone or Android)
HID Mobile Access app installed
Active internet connection
Camera for QR code scanning
Prerequisites
Before beginning the credential issuance process, ensure the following prerequisites are met:
Item | Requirement |
|---|---|
User Information | First name, last name, and email address |
Credential Type | Mobile credential type configured in IDMS |
Access Locations | Defined access locations/permissions for the user |
Mobile App | HID Mobile Access app pre-installed on user's device |
Step-by-Step Procedure
Phase 1: Access the System
Step 1: Log into HID IDMS Portal
Access the IDMS web portal
Authenticated with your digital certificate
Click the Identity section in the main navigation menu
Select 'Add Applicant' from the dropdown options
Expected Result
The 'Add a New Applicant' form will display with empty fields for user information.
Phase 2: Enter Applicant Information
Step 2: Enter Personal Details
Enter the applicant's first name in the FIRST NAME field
Leave the MIDDLE NAME field blank (optional field)
Enter the applicant's last name in the LAST NAME field
All name fields are case-sensitive and will be stored exactly as entered.
Step 3: Select Credential Type
Click the CREDENTIAL TYPE dropdown menu
Select the appropriate IDMS credential type from the list
The credential type determines whether the person can be access a mobile PACS credential.
Step 4: Configure Identity Linking (Optional)
If linking to an existing identity system, complete the Optional section:
Enter the EXTERNAL IDENTITY LINKING KEY if applicable
Enter the user's EMAIL ADDRESS
Enter the USER PRINCIPAL NAME if required by your organization
Step 5: Submit Enrollment
Review all entered information for accuracy
Click the 'Submit' or 'Save' button at the bottom of the form
Wait for the system to process the enrollment (typically 2-5 seconds)
Expected Result
The system will redirect to the user's detail page showing their assigned Employee Number (e.g., 10014099).
Phase 3: Device Enrollment
Step 6: Initiate Device Enrollment
On the user's detail page, locate the Credentials tab
Click the '+ Device' button to add a new mobile device
A device selection dialog will appear
The system may detect previously enrolled devices. Select 'OMNIKEY CardMan 3×21 1' or your appropriate card reader device.
Step 7: Enroll Physical Device
From the 'Select the device' dropdown, choose the card reader (e.g., 'OMNIKEY CardMan 3×21 1')
Review the device details displayed:
Serial Number
ATR (Answer to Reset)
Assigned To information
Policy
Status
If prompted for PIN, enter the device PIN
Click 'Enroll Device' or 'Close' to complete the physical device enrollment
Step 8: Refresh Device Information
Back on the user's detail page, click the 'Refresh Report Data' button
Wait for the system to display 'Obtaining device information...'
The page will update to show the newly enrolled device with its serial number
Expected Result
The device list will display the enrolled device with status 'Added' and associated credentials showing 'ISSUED' status.
Phase 4: Mobile Credential Provisioning
Step 9: Generate Mobile Credential Invitation
In the device details section, click the 'View Details' link or expand the device information
Click the 'Action' dropdown menu
Select 'Pick up your HID Mobile Credential' from the action menu
A modal dialog will appear with the mobile credential invitation
The QR code and invitation code are time-sensitive. Complete the mobile app scanning within the validity period.
Step 10: Display QR Code for Scanning
The modal will display:
A large QR code
Invitation code (e.g., 'ADS7-H65H-YTJN-RXR6')
Instructions for scanning with the HID Mobile App
User ID and email address (e.g., '1000014099 9a1dbbb7ad5119b2ad84@local.net')
Basic device information
Device Type: HID Origo Mobile Identity
Device Management System
Specified Certificate Authority
Step 11: Scan QR Code with Mobile Device
Have the user open the HID Mobile Access app on their smartphone
In the app, tap the option to add a new credential or scan a QR code
Position the smartphone camera to scan the QR code displayed on the computer screen
The app will automatically detect and process the QR code
Wait for the app to download and provision the credential (typically 5-15 seconds)
Alternative Method
If QR code scanning is unavailable, the user can manually enter the invitation code shown in the dialog.
Step 12: Verify Mobile Credential Provisioning
After the mobile app completes provisioning:
The mobile app will display a success message and show the active credential
The credential card will show the user's name and organization
In the IDMS web portal, click the confirmation button in the modal dialog
Return to the user's detail page and verify the device status has updated
Confirm the credential shows as 'ACTIVE' with the correct device information
Expected Mobile Device Details:
Device ID: (Unique identifier, e.g., 1412104381)
Status: ACTIVE
OS Version: (e.g., iOS 16.7.11)
Secure Element Type: EMULATED
Manufacturer: Apple
Model: iPhone X
Application Version: 4.9.1
Verification Checklist
Use this checklist to ensure all steps have been completed successfully:
- User successfully added to IDMS with unique Employee Number
- All required user information entered correctly (name, email)
- Appropriate credential type selected and assigned
- Physical device enrolled with valid serial number
- Credentials show 'ISSUED' status in IDMS
- QR code generated and displayed successfully
- Mobile app successfully scanned QR code
- Mobile credential appears as active in HID Mobile Access app
- Device information updated in IDMS showing mobile device details
- User can successfully present credential for access
Troubleshooting Guide
Common Issues and Solutions
Issue | Possible Cause | Solution |
|---|---|---|
QR code not scanning | Poor lighting, screen glare, or camera focus issue | Increase screen brightness, adjust angle, or manually enter invitation code |
Device enrollment fails | Card reader not connected or driver issue | Verify card reader connection, check device manager for driver status |
Mobile credential not appearing | Network connectivity issue or app permission denied | Check internet connection, verify app has necessary permissions |
Invitation code expired | Too much time elapsed between generation and scanning | Generate a new invitation code from the IDMS portal |
User information missing | Required fields not completed during enrollment | Return to user record and update all mandatory fields |
Credential status shows 'Pending' | Credential issuance process incomplete | Complete device enrollment and refresh page status |
Error Messages
Device not found
The card reader is not properly connected or recognized. Verify USB connection and check Windows Device Manager.
Invalid credential type
The selected credential type is not configured for mobile credentials. Contact your system administrator.
Failed to provision credential
Network or server connectivity issue. Verify internet connection and retry the provisioning process.
User already exists
An account with this information already exists in the system. Search for existing user or use different credentials.