Card and PIN Management
Overview
Every user in YSoft SafeQ 6 can have any number (usually one) of assigned card numbers. Typically, these correspond to the ID badges of employees with RFID and/or similar contactless identification chips. There are many different standards of identification chips, most of which are, however, incompatible among themselves. YSoft SafeQ 6 can work with virtually any of them provided that the terminals are equipped with the right card readers. Note that authentication is based purely on the knowledge of an identification number which can be read from the chip easily or guessed. Chips with long random identifiers are preferred and users should always check the origin and integrity of the reader to achieve a higher level of security.
Instead of or in addition to cards, users may also use numeric PIN codes for authentication at YSoft SafeQ terminals. This PIN code is treated as a virtual card number: it is stored in the same place and managed in the same way. However, a cryptographic hash of the PIN code is stored instead of the current PIN (this behavior can be changed in YSoft SafeQ administration).
Required Access Rights for Managing PIN and Card Activation Codes and Cards
The administrator needs to have access rights for View list of users and Add, edit, and delete users (Users > Roles > Access rights > Users > View list of users, Add, edit, and delete users).
For assigning a card from the YSoft SafeQ management interface, the administrator also needs rights for List of accesses to terminals (Users > Roles > Access rights > Reports > List of accesses to terminals).
PIN (Personal Identification Number)
Users may use numeric PIN codes for authentication at YSoft SafeQ terminals.
The PIN code is treated as a virtual card number: it is stored in the same place and managed in the same way.
Additional information can be found in Managing Users.
Common Steps
Access User edit mode through Users > Users > User (edit or new).
Scroll down to the PIN codes section.
Click Add new PIN.
Adding a PIN for a User
Enter the PIN.
Click SAVE NEW PIN CODE.
Generating a PIN Code Automatically
This feature enables add or generate PIN with time expiration to users. When a PIN expires, the user cannot log in with this PIN and has to generate a new PIN. New PINs can also be generated by an administrator. The administrator can set a PIN expiration date or generate a PIN with a default expiration date.
When a user or administrator generates a new PIN, a notification email with the PIN and its expiration date is sent to the user. Another notification email is sent before a user's PIN is due to expire.
When a user already has a PIN defined and a new PIN is generated, all previous PINs are deleted.
Set PIN code expiration.
Click SAVE NEW PIN CODE. An email with the new PIN code is sent to the user's mailbox.
Configuration
There are several properties related to PIN code generation.
The feature can be enabled by: PIN-generator = true
This property enables setting the length of the variable part of the PIN (without digits in the login name) in digits.
PIN-size = 6
PIN expiration time in days. (Time in days, when a notification email is sent to the user before their PIN expires.)
PIN-default-expiration = 60
PIN-expiration-notification = 7 (This property enables the overriding of old PINs with new PINs. PIN-override = true)
The following two properties handle the archiving of old PINs. When enabled, the old PINs are written in a history table. When a PIN is stored in a history table, it cannot be used as an active PIN. After the PIN archiving period expires, PINs are deleted and can be reused.
PIN-history-enabled = false
PIN-archiving-period = 365
The following properties set the notifications for users.
PIN-enable-email-notifications = true (specifies whether email notifications are sent to the user after a new PIN is generated.)
PIN-enable-display-for-user = true (specifies whether a newly generated PIN is displayed to the user in a browser popup window.)
PIN-enable-display-for-admin = false
Card Numbers
Card numbers are masked with four asterisk symbols (****). In addition, last digit of the card number is preserved, in order to help the managing user/administrator quickly identify card numbers of an user.
This setting can be changed via maskCardNumber property:
true (default) - Enable card masking
false - Disable card masking, reveal the full non-masked card numbers
Card Activation Code
The YSoft SafeQ 6 card activation code is a module used for allocating unregistered cards to users.
Card Activation Code Generation
AUTOMATICALLY: The card activation code is generated after receiving the first print job from a user. YSoft SafeQ 6 subsequently generates the card activation code for the user.
MANUALLY: The card activation code is generated by the administrator by clicking the Generate Card Activation Code button.
You can find more information on Configuring ID Card Self Assignment.
Card Assignment Methods
Card Assignment on Terminals
Card Assignment from the YSoft SafeQ Management Interface:
When there is an unknown card, PIN, or password, the administrator can create a new user or assign a PIN or card number to an existing user.
Additional information can be found in Managing Users.
Access User edit mode through Users > Users > User (edit or new).
Scroll down to the Cards section.
Click Add new card.
Insert card number.
Click Save new card.