Installing and Configuring the Bulk Smart Card Issuance Client

Applies To: Forefront Identity Manager 2010, Forefront Identity Manager Certificate Management

You can use the Bulk Issuance Client in Microsoft® Forefront® Identity Manager Certificate Management (FIM CM) to batch process and deploy a variety of smart cards. For example, you can use the Bulk Issuance Client to issue and print smart cards, and to distribute security envelopes to users. Security envelopes are printed documents that contain personal identification numbers (PINs).

For an overview of FIM 2010 documentation and guidance for using it, see the Documentation Roadmap.

Important

To print smart cards and documents, you must install printing software, such as Datacard ID Works 5.1, Enterprise Edition, from supported vendors.

The following topics describe how to install and configure the Bulk Issuance Client:

  • Install the Bulk Issuance Client

  • Configure the Bulk Issuance Client

  • Search for Active Requests

  • Create, Export, and Import Requests Lists

Install the Bulk Issuance Client

You must install Microsoft® Forefront Identity Manager Certificate Management (FIM CM) Client on the client computer before you install the Bulk Issuance Client. For information about how to install the FIM CM Client, see Installing and Configuring the Microsoft® Forefront Identity Manager Certificate Management (FIM CM) Client.

Important

You can install the Bulk Issuance Client only on a computer running Microsoft Windows Server® 2003 Service Pack 1, Windows XP Professional SP3, or Windows® 7 Professional, Enterprise, and Ultimate (32-bit and 64-bit) editions. The Bulk Client full install package for Update Package 1 for Microsoft® Forefront® Identity Manager (FIM) 2010 is required for installation on Windows 7. For more information about Update Package 1, see Microsoft Knowledge Base article 978864 (https://go.microsoft.com/fwlink/?LinkId=202734).

To install the Bulk Issuance Client

  1. Log on as an administrator to the computer where you want to install the Bulk Issuance Client.

  2. From the FIM 2010 installation screen, click Install Certificate and smart card management Bulk Issuance Tool.

  3. On the Welcome to the Installation Wizard page, click Next.

  4. On the Certificate Management License Agreement page, read the license agreement, click I accept the terms in the license agreement, and then click Next.

  5. On the Setup Type page, select one of the following installation types, and then click Next:

    • Select Complete Installation to install the Bulk Issuance Client to the default installation directory at %ProgramFiles%\Microsoft Bulk Smart Card Issuance Tool\.

    • Select Custom to choose the installation directory you want.

  6. On the Ready to Install Bulk Smart Card Issuance Tool page, click Install.

  7. On the Microsoft Bulk Smart Card Issuance Tool Installation Complete page, click Finish.

Configure the Bulk Issuance Client

Before you can use the Bulk Issuance Client to perform bulk requests, you must configure it.

To configure the Bulk Issuance Client

  1. Click Start, point to All Programs, click Microsoft Bulk Smart Card Issuance Tool, and then click Bulk Issuance.

  2. To enter the configuration options, on the Edit menu, click Configuration.

    Alternatively, click the Configuration button below the File menu.

  3. To close the message that says that you have not selected a smart card reader, click OK.

  4. In the Configuration - Bulk Smart Card Issuance Tool dialog box, on the Application tab, in Smart card printer, select SmartDriver.

  5. In Smart card reader, select SmartDriver.

  6. On the Application tab, accept the default timeout and record settings, unless you require other settings.

    With the Retry failed requests default setting enabled, you can reattempt enrollment for requests that fail because of smart card printer errors.

  7. On the Server tab, apply the settings shown in Table 1.

  8. On the ID Works tab, type the ID Works timeout value that you want, and then click OK.

    The default value is 240 seconds.

Table 1   Server settings in the Bulk Issuance Client

Setting Value

Server

Use the name of the FIM CM server.

ILM CMS Web site

Use the name of the FIM CM virtual Web folder.

Port

Use the default value of 80, unless you use Secure Sockets Layer (SSL). For SSL, set the port to 443.

Use SSL

Set the value to Use SSL to protect the FIM CM Web server. The default value is Disabled.

Trust explicit SSL certificate

Type the certificate hash (without spaces) to enable this setting. For testing, you can explicitly trust an SSL certificate.

Search for Active Requests

You can use the Bulk Issuance Client to search the FIM CM database for active requests. Active requests are requests that a user who is currently logged on can run. Table 2 shows the search options that you can use.

Table 2   Search options in the Bulk Issuance Client

Search option Description

Quick search

Searches using the DisplayName attribute that is in Active Directory® directory service for the target user. Quick search performs all string matches from left to right. It also appends a wildcard character to each search string.

New Search

Searches using additional search criteria that are based on user location, object, and group membership. New Search uses the default Active Directory object picker.

FIM CM automatically saves searches to Saved Searches.

  • In the Bulk Issuance Client, in Quick search, type a search string, and then click Find.

    Quick search lists search results directly below the Quick search list. To open the search item, you click a item in the results list.

  1. In the Bulk Issuance Client, under Saved Searches, click New Search.

  2. In the Search - Bulk Smart Card Issuance Tool dialog box, specify search criteria, and then click Save.

    Table 3 shows the available search criteria.

  3. In the New Search Name dialog box, select the Search now check box to immediately search based on the search criteria that you specified, and then click OK.

    The Bulk Issuance Client automatically saves your search under Saved Searches.

Table 3   Search criteria for active requests in the Bulk Issuance Client

Search criteria Description

Location

Searches using an Active Directory location. For example, DC=contoso, DC=com.

Group

Searches using an Active Directory group name.

Target user name

Searches using a user's user name in Active Directory. To search for a specific user, you click User.

Submission date of request

Searches using a specific date or date range.

Advanced

Searches using the Active Directory attributes and request types that you specify.

Create, Export, and Import Requests Lists

You can use the Bulk Issuance Client to create lists of requests that you can run as a group. For example, you can create a request list, and then export it as a file to another Bulk Issuance Client administrator. That administrator can import the file, and then run the request list to complete the requests as a group. Following this approach is helpful when there is a high demand for requests or when several enrollment stations are required.

Note

When you create a request list, the data it contains is offline. If the online data changes, you must use the Bulk Issuance Client to synchronize the data before a user runs the request list.

To synchronize offline data with updated data

  • In the Bulk Issuance Client, right-click the request list, and then click Synchronize.

To create a request list

  1. In the Bulk Issuance Client, in Request Lists, expand Active Requests Lists, and then click New Request List.

  2. When prompted, type a name for the request list, and then click OK.

To export a request list

  1. In the Bulk Issuance Client, on the File menu, click Export Request List.

  2. When prompted, select the request list that you want to export, and then click OK.

  3. In Browse For Folder, select the destination folder for the request list, and then click OK.

    The Bulk Issuance Client exports a request list as an XML file.

To import a request list

  1. In the Bulk Issuance Client, on the File menu, click Import Request List.

  2. In Open, select the request list file that you want to import, and then click Open.