HID Mobile Credential

Overview

The Integriti HID Mobile Credential Integration allows HID mobile credentials to be added and managed directly from Integriti. This enables Users to use their mobile devices as access credentials via the HID Mobile Access system.

Version: This document incorporates Version 2.3 of the HID Mobile Credential Integration Manual.

Core Mobile Credential Capabilities

Feature	Description	Version
Generate new credentials for a user	Create and populate newly generated credentials in the mobile credential system into Integriti	v22+
Revoke credentials from Integriti	Cancel invitations or revoke existing credentials via user interface, card deletion, or user removal	v22+
Resend Invitations from Integriti	Send users email invitations to accept new credentials	v22+
Automatically generate credentials	Auto-generate credentials when a change is detected for a user	v22+
Automatically revoke credentials	Auto-revoke credentials or cancel invitations when a user change is detected	v22+
Display Connection Status	Show whether Integriti is currently connected to the mobile credential system	v22+
Generate Alerts from Events/Alarms	Auto-generate and restore Alerts tied to specific credentials or pools	v22+
Trigger Integriti Actions on Events	Trigger actions automatically on events/alarms from the mobile credential system	v22+
Entity Synchronisation	Verify and update users/credentials in the mobile system on Integriti user changes	v22+

Advanced Capabilities

Feature	Description	Version
Populate Configured Credential Pools	Refreshing Child Devices auto-populates all configured credential pools	v22+
Show Card Status	Current status of configured mobile credentials visible in Integriti	v22+
Show Credential Pool Status	Credential pool status (available/not available) visible in Integriti	v22+
64-bit Integration Server Support	Integration runs on the 64-bit integration server	v22+
Categorised Review Records	Different event types have different categories for easy filtering	v22+

Prerequisites

Licensing

Platform	Part Number	Description
Integriti	996964	Mobile Credential Management Integration
Infiniti	997964	Infiniti Mobile Credential Management Integration

Compatibility

The integration works with both:

• Single-use HID Mobile Credential Portals
• Subscription-based HID Mobile Credential Portals

Minimum Installed Integriti Version: v22.1 or higher (Integriti Pro or Infiniti).

Tested Against: HID Origo 2.2

Migration from Legacy HID Cloud Credential Communication Handler

Sites using the legacy HID Cloud Credential communication handler can migrate to the new HID Mobile Credential integration. The legacy handler continues to function for existing configurations in v22 but will be disabled in a future update.

Migration Steps:

1. Configure the new HID Mobile Credential integration in parallel to the legacy communication handler (leave the old handler enabled).
2. Refresh child devices and start the persisted connection of the Mobile Credential System.
3. Existing cloud credentials and user data are automatically migrated to the new format.
4. Once complete, the legacy communication handler is automatically disabled.
5. The legacy handler can then be safely deleted if required.

Important: Do NOT delete the legacy communications handler before migration completes. Filters with dynamic time are NOT supported by the Auto Generate/Revoke Credential features.

HID Portal Setup (Must Complete Before Integriti Configuration)

1. Enable Production API Access

Email HID Partner Services at tpp@hidglobal.com using the template below. Processing may take up to 2 business days. Once enabled, HID will send a confirmation email.

Dear Partner Services Team,
Please enable access to API for our production accounts.
Find the required information below:
1. Organization Name - [Enter your exact organization name of the account on the HID Mobile Access Portal]
2. Solution Name - [Enter the name of the PACS solution to be used with your account]

2. Retrieve System ID

Once Production API access is enabled:

1. Log into the HID Mobile Credential Portal.
2. Navigate to Administration → System Accounts (if not visible, Production API access may not yet be enabled).
3. Select Add System Account.
4. Ensure Credential Type is set to Password and enter the desired password.
5. Take note of the displayed Client ID and the password entered — these are used in Integriti configuration.
6. Save the new System Account.

3. HID Account Type Configuration

When setting up the System Account in the HID Portal:

• Client ID — Generated by the HID system for the system account.
• Service — Enable the “Mobile Identities” service to generate mobile credentials through Integriti.
• Credential Type — Select the “Password” credential type.

HID Credential State to Integriti Card State Mapping

The following table shows how HID Credential Statuses are mapped to Integriti Card States:

HID Credential Status	Integriti Card State
Issued	Active - Issued
Waiting for User to Claim (Issue Initiated)	Active - Waiting for User to Claim (Issue Initiated)
Issuing	Active - Issuing
Issuing Failure	Inactive - Issuing Failure
Revoked	Inactive - Revoked
Revoke Initiated	Inactive - Revoke Initiated
Revoking	Inactive - Revoking
Revoking Failed	Inactive - Revoking Failure
Ready for Mobile ID (Unbound)	Inactive - Ready For Mobile ID (Unbound)

Step-by-Step

Ports Used

The following port must be configured in the Integriti Integration Server and any Integriti Client Machine firewalls:

• HTTPS Port 443 — For communication between the Integriti HID Mobile Credential Integration and the HID Mobile Credential server.

1. Create the Communication Handler

1. Navigate to Administration → Communication Handlers → Add New.

2. Give the handler a Name and add any necessary details in the Notes field.

3. Set Handler Type to Cloud Credential.

4. Select HID Mobile Credential from the Connection settings drop-down.

5. Configure parameters:

   • Client Id: The User ID of the System Account in the HID Mobile Credential system.

   • Client Secret: The password of the System Account.

   • Organisation ID (sometimes called Site ID in HID): The ID specified for the Site to add Credentials from.

   • Client Portal Version: Select the version used:

     • Secure Identity Services: Issues Perpetual Credentials.
     • Origo (2.0) - ActivID IDP: Subscription-based Credentials using ActivID Identity Provider.
     • Origo (2.2) - AWS IDP: Subscription-based Credentials using AWS Identity Provider.
     • Custom URLs: Allows specifying custom URLs for Authentication and other Requests.

   • Poll Frequency: Adjust to modify how often Credential States are updated from HID (only relevant when the handler is enabled).

   • HID Client Portal Environment: Select the environment of the HID Client Portal to connect to (e.g., Production, Staging).

   • State Processing Interval (s): Select how often (in seconds) Integriti polls for card state changes from the HID system.

   • Custom URLs: When using Custom Client Portal Version, specify the custom request endpoint URL.

6. Logging:

   • Log Verbosity: Set to control log output levels. Only logs of the specified level or higher are written (e.g., selecting Warning logs Warning, Error, and Fatal).

7. Invitation Settings (Optional):

   • Send HID Invitations: Enable to send invitations for Credentials using HID’s invitation system.

   Via Email:

   • Email Address Custom Field: Select a Custom Field to auto-populate email addresses. If not specified, the email must be entered manually for each credential.
   • Email Sender Communication Handler: Select an existing Email Sender handler.
   • Email Invitation Format: Customize the email body using context variables (e.g., activation link, invitation code, User details) by clicking the … button.
   • Email Subject Format: Customize the email subject using the same context variables.

   Via SMS:

   • Mobile Number Custom Field: Select a Custom Field to auto-populate mobile numbers.
   • SMS Sender Communication Handler: Select an existing SMS Sender handler.
   • SMS Invitation Format: Customize the SMS message using context variables by clicking the … button.

   Additional Options:

   • Invitation Link: Enter the Invitation Link configured in the HID Portal’s Mobile Credential settings. This is only necessary if sending invitations through Integriti. The invitation code is appended to the end of this link.
   • Delete Users With No Credentials: Enable to automatically delete users from the HID system when they no longer have any valid credentials in Integriti.
   • Card Template (New Credential): Specify a Card Template for new credentials. Can be overridden per child credential pool.

8. Run Mode: To receive automatic Credential Status updates from HID, set Run Mode to anything other than Disabled. Cloud Credentials can still be added even when the handler is Disabled.

2. Assign a Cloud Credential to a User

1. Open the editor for the User to assign a credential to.

2. Select Cloud Credential from the top of the User’s Cards list.

3. Click Add from the top bar and wait for the Cloud Credential Pool details to load.

4. If this is the first time, double-click the Cloud Credential Pool from the Select Cloud Credential Pool dialog.

5. Choose an Assign Option:

   • Assign New Credential: Assigns a new Credential from the Pool using the next available Card Number.
   • Re-Send Invitation: (Shown for Credentials generated but not yet claimed on a mobile device) Re-sends the invitation.
   • Use Existing Credential: (Shown for Credentials already claimed and assigned to the current User) Adds the Credential without sending an invitation.

6. Specify a Card Template for the new Credential.

7. Enter a valid Email Address (and Mobile Number if sending SMS invitations).

8. Click the action button (text varies by Assign Option) to complete.

Verification

• After handler creation, check the Status column in Communication Handlers — it should show Running.
• When a User is successfully linked, review messages indicate the outcome.
• Credential assignment status can be viewed in the User’s Cloud Credential list.

Troubleshooting

Issue	Check
Production API not enabled	Verify the API enablement request was processed by HID (tpp@hidglobal.com). May take 2 business days.
System Accounts not visible	Production API access must be enabled first in the HID Portal.
Cannot add credentials	Confirm the Communication Handler has the correct Client ID, Client Secret, and Organisation ID.
Invitations not sending	Verify an Email/SMS Sender Communication Handler is configured and running. Check Custom Fields for email/mobile.
Credential status not updating	Ensure the Communication Handler Run Mode is not set to Disabled. Check Poll Frequency settings.
Integriti not receiving/logging card state changes	Check: Is persisted connection running? Are the HID login credentials correct? Are required Review Transitions enabled? Is HTTPS port 443 open on the integration server firewall? Has the persisted connection been restarted since generating credentials?
Migration from legacy handler not completing	Ensure the legacy handler remains enabled during migration. Do not delete it until auto-disabled. Verify both integrations are configured in parallel.

Related Pages

• Integriti Communication Handlers
• Email Sender
• Clickatell SMS Sender
• Integriti System Configuration - Custom Fields section