UCMS Limitations
  • 23 Aug 2024

NOTE

Customers on UCMS v4.6 or later can upgrade directly to the latest UCMS version.

If you use UCMS v4.5.x or earlier, to upgrade to the latest version, you must:

  • first upgrade to UCMS 4.6,

  • run the migration process,

  • then upgrade to the latest UCMS version.

Entra ID Credential Server Limitations

Only one Entra ID Authority should be configured in UCMS as of 4.10.

Bound Identities Limitations

When managing credentials that are bound to an endpoint (i.e., stored in a TPM), Helpdesk Operators cannot perform specific operations (device/credential issuance, renewal, and PIN reset) that require direct access. Those operations can only be performed by end users when they are connected to the computer where those credentials reside.

Credentials that are bound to an endpoint (i.e., stored in a TPM) have limited support in the Operator Portal:

  • Virtual Smart Cards: Operators are only able to Revoke, Suspend, Reactivate and Show PUK. Issue Device, Renew, and Reset PIN are not available.

Certificate Issuance Limitations

If a user is missing attributes that are required for the issuance of a certificate, the issuance will fail with a generic error message. Consult the log files to retrieve the list of missing attribute(s).

Gemalto Card Limitations

  • Gemalto PKI management keys are not supported with Utimaco HSM.

  • Gemalto IDPrime MD 930 PKI management keys are not supported with Amazon HSM.

  • Gemalto cards are supported only with Omnikey or SCM readers.

Hardware Security Module Limitations

Once a credential profile is successfully configured with an HSM, you can only edit the password, profile description, and PIN policy.

Identrust PKI Limitations

Identrust requires the following attributes in the SubjectDN of their certificate template:

  • For card authentication certificates: SerialNumber="{user.guid}"

  • For PIV authentication, digital signature, and encryption/key management certificates: OU="{org.organizationName}"

SCIM Limitations

  • Axiad UCMS currently allows only one SCIM configuration per organization.

  • SCIM user provisioning from PingFederate does not support the manager attribute.

YubiKey Limitations

  • Axiad UCMS only allows for one active OATH OTP configuration between the two available slots.

  • YubiKeys with PIN-protected management keys (the Management keys stored in device option in the credential profile) are not supported in the Operator Portal, and can only be managed by users themselves using the Unified Portal. This configuration is only required when YubiKeys are co-managed with a third-party solution that relies on the YubiKey mini-driver to diversify the management keys.


