Datacard® TruCredential™ Suite Software

Installation and Administration Guide

January 2017

Part No. 527666-001, Rev. C

Notice
This publication and the accompanying software are proprietary to Entrust Datacard Corporation
and are protected by U.S. patent and copyright laws as well as various international laws and
treaties. This publication may not be copied, translated, sold, or otherwise transferred to a third
party, in whole or in part, without the express written permission of Entrust Datacard
Corporation.

Information in this publication is subject to change without notice. Entrust Datacard Corporation
assumes no responsibility for any errors that may appear in this publication.

Names and logos in sample screens are fictitious. Any similarity to actual names, trademarks, or
trade names is coincidental.

Trademark Acknowledgments
Datacard is a registered trademark and service mark of Entrust Datacard Corporation in the
United States and other countries.

Entrust is a registered trademark and service mark in the United States and other countries.

MasterCard is a registered trademark of MasterCard International Incorporated.

Visa is a registered trademark of Visa International Service Association.

All other product names are the property of their respective owners.

Proprietary Notice
The design and information contained in these materials are protected by US and international
copyright laws.

All drawings and information herein are the property of Entrust Datacard Corporation. All
unauthorized use and reproduction is prohibited.

Entrust Datacard Corporation

1187 Park Place
Shakopee, MN 55379
Phone: 952-933-1223
Fax: 952-933-7971
www.entrustdatacard.com

Copyright © 2017 Entrust Datacard Corporation. All rights reserved.

ii
 Revision Log
Installation and Administration Guide

Revision Date Description of Changes

A January, 2016 The first release of this document, for TruCredential

software version 7.1.

B July, 2016 Fully updated with new installation, uninstallation,

administration, and specifications information for
version 7.2.

C January, 2017 Many updates for 7.2.1. Refer to the release notes for
the complete list of changes.

iii
iv
 Contents
Chapter 1: Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
About This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Conventions Used in This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Related Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Support and Service Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Operating Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
TruCredential Software Installation Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Single-Computer Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Multiple-Computer Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Server-and-Clients Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
TruCredential Software System Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
User Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Obtain the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Chapter 2: Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
The Installation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Post-Installation Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
The Server Computer’s URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
The Software’s Location on Your Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Installing in a Single-Computer Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Installing the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Installing in a Multiple-Computer Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Installing the Server and Client Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Installing the Client Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Installing in a Server-and-Clients Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installing the Server and Client Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installing the Client Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installing an Upgrade to TruCredential Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Save a Copy of Your Current Data and Configuration for TruCredential Software for Back-
Up Purposes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Install the New Version of TruCredential Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Chapter 3: Starting the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Starting TruCredential Software for the First Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
First-Time Sign-In Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Subsequent Sign-In Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Run the Software on a Client Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Installation and Administration Guide v

Chapter 4: Uninstalling the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Chapter 5: Administration Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

HTTPS Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Steps to Get a Certificate From a Certificate Authority (CA) . . . . . . . . . . . . . . . . . . . . . . 21
Load the Certificate From a Certificate Authority (CA) into TruCredential Software . . . 22
Connect a Printer to a TruCredential Software Computer Using a USB Cable . . . . . . . . . . . . 23
Database Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Create a New H2 Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Connect to the Microsoft Access 2010 Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Connect to the Microsoft Access 2013 Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Connect to the Microsoft SQL Server 2008 Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Connect to the Microsoft SQL Server 2012 Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Deploy and Connect to the Oracle 11g R2 Database . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Configure the Delegated Authentication Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Change the Memory Assigned to the TruCredential Java Virtual Machine (JVM) . . . . . . . . 27
Advanced Printer and Supplies Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Support for Card-in-Flight Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
MIFARE Classic Card Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Password Security Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Low Security Password Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Medium Security Password Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
High Security Password Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Change the Password Complexity Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Automatic Sign-Out Due to Inactivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Known Issue with the Chrome Browser’s Support of Languages . . . . . . . . . . . . . . . . . . . . . . . 33
Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
General Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Specific Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Contact Entrust Datacard Customer Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Chapter 6: Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Basic Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Ports Used by TruCredential Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Firewall Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
TruCredential Software’s Windows Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Entrust Datacard-Brand Printers Supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Card Stock Sizes Supported. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Paper Sizes Supported by the Report Designer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Supported Image Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Supported Capture Devices or Data Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Required Canon DSLR Camera Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Additional Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

vi
 Bar Codes Supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Smart Card Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Smart Cards Supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Chip Readers Supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Proximity Card Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Proximity Cards Supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Card Readers Supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Chapter 7: Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Installation and Administration Guide vii

viii
Chapter 1: Introduction

This section provides an overview of this manual, support and service

resources, system requirements, and what is required before you begin
installation of Datacard® TruCredential™ Suite software.

Background
This manual explains conceptually how to install, administer, supervise, and operate
TruCredential software, with the end result being the ability to issue personalized credentials.
This manual is written for the TruCredential software system administrator.

This manual does not cover the installation of card printers, peripheral hardware, or drivers
required to configure the hardware to produce personalized cards. Refer to the manuals that
came with your respective products for this information, and make sure that all of your hardware
and associated drivers are installed before attempting to use them with TruCredential software.

Product Editions
There are several product editions in the TruCredential software suite.

Product edition capabilities do vary. Refer to the license agreement or product edition
comparisons available on www.datacard.com/partnerpage for details about what is and is not
supported by the edition that you have licensed.

Product versions also vary. If your license is for an earlier version of TruCredential software, you
must upgrade your license to access the features in the current version of TruCredential software.

Often you must reactivate your product key to get the correct edition to work. Refer to the online
Help “License” section to enter the correct product key.

About This Manual

This document describes how to install, administrate, and troubleshoot TruCredential software. It
is intended for system administrators who have experience with industry standards or who have
been trained by Entrust Datacard.

Installation and Administration Guide 1

Conventions Used in This Manual
Placeholder text displays in italic font. You must replace the placeholder text with information
that is correct for your environment. Example:
http://servername:portnumber/trucredential

User interface text displays in boldface font. Example:

When work is complete, select user ID > Sign Out.

This is an example of a note. Notes contain important information. Make sure that you
read them carefully.

Related Resources
The TruCredential Software Online Help system is the primary documentation for this product
and provides procedures for everything that you must do in TruCredential software. It is available
by clicking the help button on any page.

Support and Service Resources

Go to entrustdatacard.com/support for information about technical support in your region. For
hardware support, have your product model and serial number available. For software support,
have the software version number and product key available. Refer to the shipping documents or
the software to retrieve this information.

System Requirements
Before installing the software, make sure that your computer meets the following minimum
specifications. After installation, refer to “Specifications” on page 37 for more details.

2 Introduction
Software
Warning: TruCredential software must not be installed on a system running Datacard®
Syntera® Customization Suite (SCS) software. TruCredential software uses a custom
version of SCS software to provide smart card personalization, and its components
overwrite anything currently installed. The existing SCS software installation fails to work
properly as a result. Uninstall SCS software prior to installing TruCredential software to
avoid any issues.
TruCredential software must not be installed on a computer that is running Datacard® ID
Works® identification software or Datacard® IDCentre™ software if the two software
applications will be connected to the same database table and columns.

Operating Systems
The 32- and 64-bit Windows 7, Windows 8.1, Windows 10, and Windows Server 2012 R2
operating systems are supported. The latest service pack is recommended.

Smart card is not supported for HIF printers connected by USB cable to the Windows 7
operating system.

Hardware
 A computer with a 32- or 64-bit processor

 Minimum screen resolution of 1360 × 768

 Memory (RAM):

Single-Computer Environment Multiple-Computer Environment

4 GB RAM minimum, For the server:

8 GB RAM recommended 8 GB RAM minimum,
16 GB RAM recommended
For each computer:
4 GB RAM minimum,
8 GB RAM recommended

 Initially, at least 1 GB of available computer hard drive space if you are installing the client
and the server software on the same computer; slightly less than that if you are installing
only the client software or only the server software.

 An available software port to use for communicating with the TruCredential server
computer—make a note of this port number; you must enter it when you install the
software. Note that the software installation process defaults to port 80, which many systems
can use without requiring further understanding of this step. If you have difficulty, verify that
the default port 80 is not already in use.

Installation and Administration Guide 3

 Use the following setup to write to a smart card chip using an HIF printer:

 Connect the HIF printer to your computer with a USB cable, rather than a network cable.

 Install TruCredential software onto a computer running the Windows operating system.

Although this setup permits writing to a smart card chip using an HIF printer, it does not
permit reading a smart card chip.

Browsers
 Google Chrome version 54.0 or newer software

 Internet Explorer® 11 software: TruCredential software is optimized for use with Internet
Explorer 11.0.17

TruCredential software version 7.2 does not support Internet Explorer browser versions
prior to version 11 because Microsoft Corporation no longer supports those versions.

 Microsoft Edge software

4 Introduction
TruCredential Software Installation Environments
There are three main environments in which TruCredential software can be used to issue
credentials: a single-computer environment; a distributed, multiple-computer environment; or a
server-and-clients environment. Keep this in mind when you are installing TruCredential software
to make sure that you install the correct components on the correct computers.

Single-Computer Multiple- Computer Environment Server-and-Clients

Environment Environment

Server and Client Server and Client Server Hardware and Software
Hardware and Hardware and Software
Software

Multiple Client Computers Running Multiple Client Computers Running

TruCredential Client Software TruCredential Client Software

Single-Computer Environment
Select this option during installation to install and use on a single computer. Make sure that this
computer is backed up routinely because it must be the sole keeper of all TruCredential software
information, including the default database, if you choose to use it. This computer must be
connected to one or more card printers using a network connection or USB cable (refer to
page 23 for USB details), and it must also connect to any required data capture devices such as a
document scanner, camera, signature pad, or other peripheral device. If the optional automated
license activation process is used, an Internet connection is also required. The administrators,
designers, supervisors, and operators all access TruCredential software on this computer.

Installation and Administration Guide 5

Multiple-Computer Environment
Select this option to install all server and client software on one computer that functions as the
server for an environment of multiple computers. This computer can also be used as a client
because it contains the client software. On each additional client computer in this environment,
only install the TruCredential client software.

Server-and-Clients Environment
Select this option during installation if the computer that you first install the software on must
function as the server computer only. During installation, select the option to only install the
server portion of TruCredential software on this computer. The server computer hosts the
TruCredential configuration database: H2. Unless you choose to configure an external database,
you also will be using a TruCredential-provided database. As with a single computer installation,
make sure that this server computer is left running and is backed up routinely, particularly the
databases which are located (by default) at:

 C:\ProgramData\Datacard\TruCredential\db\trucredential.h2.db

 C:\ProgramData\Datacard\TruCredential\db\customer.h2.db

When you install TruCredential software on a client computer, select only the client installation
option to install on that computer. Client computers connect through a network to exchange
information with the server computer. Each client computer uses a USB cable to connect to
peripheral devices that capture data and a network connection or a USB cable to connect to one
or more printers (refer to page 23 for USB details).

Each client computer can, therefore, print cards.

You can also upgrade your installation, regardless of the installation environment. Refer
to “Installing an Upgrade to TruCredential Software” on page 14 for instructions.

6 Introduction
TruCredential Software System Diagram
Refer to the system diagram for information about how TruCredential software can work with
various components.

Key Description Key Description

A Server or server-client computer G Document scanner

B TruCredential software H Camera or webcam

C Records database I Fingerprint scanner

D Datacard License Server software J Signature pad

E Internet access K Datacard printer

F Datacard Capture Manager software

Installation and Administration Guide 7

User Management
The system administrator for the TruCredential software must perform the installation and
configure the system.

Obtain the Software

Do one of the following to obtain a copy of the software:
 Visit the Datacard software download site whose location was provided with your purchase
documentation. Download the software installation file to your TruCredential server
computer.

 Visit www.datacard.com and select Products & Services > Software to locate the
TruCredential software. Download the software installation file to your TruCredential server
computer.

 Obtain a disc with the software installation file on it from Entrust Datacard Corporation.

8 Introduction
Chapter 2: Installation

This chapter describes how to install the software in single-,

multiple-, and server-and-clients computer environments, as
well as how to upgrade from a prior version of the software.

Installation Overview
The person who is the system administrator for the TruCredential software must complete this
installation and the subsequent preparation steps.

The Installation Process

Double-click the *.exe program installation file to run the installation wizard. Locate this file
either on your computer where it was saved when you downloaded it from
trustedcare.entrustdatacard.com, or on the software installation disc. After approximately one
minute, a page indicates that the application installation wizard is extracting files.

If the Extracting window closes unexpectedly and the introductory page does not display,
then there might not be enough available space on your computer’s hard drive for this
software to install and run. Refer to “System Requirements” on page 2 for more
information.

The installation wizard also installs the required version of Microsoft .NET on your
computer, if necessary. As a result, the installation time varies.

Refer to the specific instructions in this document that relate to your installation:

 Installing in a Single-Computer Environment on page 10

 Installing in a Multiple-Computer Environment on page 11

 Installing in a Server-and-Clients Environment on page 13

 Installing an Upgrade to TruCredential Software on page 14

Installation and Administration Guide 9

Post-Installation Notes
If the printer is connected to the computer by USB, rather than by a network cable, refer
to page 23 for instructions on how to configure it.

The Server Computer’s URL

Enter the URL for your TruCredential server computer into your browser’s address bar:
http://host name:port number/trucredential/login.html

—OR—
https://host name:port number/trucredential/login.html

where host name is the name of the server and port number is the number of the listener port. If
you used the default values, enter http://localhost/trucredential/login.html. Or, if your
server computer’s name is Alice and it is using port 15, then enter
http://Alice:15/trucredential/login.html.

If the you used the default port numbers for HTTP (80) or HTTPS (443) when installing the
software, then the port number does not have to be specified in the URL.

The Software’s Location on Your Computer

The software is now located on your computer’s hard drive. The default location is:
C:\Program Files\Datacard\TruCredential\

Installing in a Single-Computer Environment

This section describes installation of TruCredential software in a single-computer environment.

These instructions are for you if the following apply:

 One computer: Just one computer prints cards directly to the printer. This computer will
contain the database, be backed up frequently, be reliable, be secure from physical or
electronic tampering, and meet all of the prerequisite criteria listed previously (“System
Requirements” on page 2).

 Single-computer environment: This computer will be used by the system administrators,

supervisors, and operators; cards can be printed to multiple configured printers.

If the above conditions are true, then you can probably use the default installation settings
presented by the installation wizard if they meet the needs of your environment.

10 Installation
Installing the Software
Follow the instructions in the installation wizard to install TruCredential software on your
computer. When prompted to select the installation type, select Full to install all components of
the software on this computer, which will make this computer both the server and a client.

If you chose a server port number other than 80, refer to “Firewall Settings” on page 39.

Installing in a Multiple-Computer Environment

This section describes the installation of TruCredential software in a multiple-computer
environment. These instructions are for you if the following apply:
 You have a dedicated server computer for the environment, and client computers can send
and receive data from that server computer.

 The server computer contains the database, you frequently copy the data to a safe location
for this computer, it is reliable, it is secure from physical or electronic tampering, and it meets
all of the prerequisite criteria listed here.

 The TruCredential system administrators, and possibly also the designers and supervisors, will
use this computer, but not the operators.

 Operators can use more than one client computer in the environment to personalize cards.

If all of the above are true, then begin by installing the server and client software on the server
computer.

Installing the Server and Client Software

Follow the instructions in the installation wizard to install TruCredential software. When
prompted to select the installation type, use the default type of Full to install all components of
the software on this computer.

If you chose a server computer port number other than 80, refer to “Firewall Settings” on
page 39.

Installation and Administration Guide 11

Installing the Client Software
When the software installation on the server computer is complete, follow this procedure on
each client computer.

You must obtain the IP address or host name of the computer that hosts the
TruCredential server software to complete this procedure.

1. Follow the installation wizard to install the software. When prompted to select the
installation type, select Client Software.

2. When the installation wizard is complete, your default web browser opens and displays a
sign-in window.

3. For client computers with USB-connected devices only: refer to “Firewall Settings” on
page 39 and modify the port settings on the client computer similarly to allow connections
for the required printer or other USB devices through the firewall ports that you specify.

12 Installation
Installing in a Server-and-Clients Environment
This section describes the installation of TruCredential software in a server-and-clients
environment. These instructions are for you if the following apply:

 There is one computer that is the dedicated server for the system, and additional computers
connect to this server, exchanging data with it.

 The server computer contains the database, it is backed up frequently, it is reliable, it is

secure from physical or electronic tampering, and it meets all of the prerequisite criteria
listed here.

 The server computer is used by the system administrator, and can be used by the designer
and supervisor, but not by the operators.

 More than one computer can be used by the operators to personalize credentials.

If all of the above are true, then begin by installing the server and client software.

Installing the Server and Client Software

Follow the instructions in the installation wizard to install TruCredential software. When
prompted to select the installation type, use the default type of Full to install all components of
the software on this computer.

If you chose a server port number other than 80, refer to “Firewall Settings” on page 39.

Installing the Client Software

Follow the instructions “Installing the Client Software” on page 12.

Installation and Administration Guide 13

Installing an Upgrade to TruCredential Software
This section describes upgrading from an existing TruCredential software version to a newer
version.

Save a Copy of Your Current Data and Configuration for

TruCredential Software for Back-Up Purposes
This process applies to you only if you have a prior version of TruCredential software
installed.

Before you upgrade to new software, save your existing data and configuration files so that you
do not lose any data if something goes wrong during the upgrade process.

1. Select Start. In the search box, enter Services. Click the Services application in the list that
displays. The Services window displays.
2. In the list of services, right-click Datacard TruCredential Software and select Stop. A progress
window displays and, when complete, closes. The Status column for the Datacard
TruCredential Software service is now empty.

3. Repeat step 2 for the Datacard TruCredential Database service.

4. Save (make a back-up copy of) the following directories in a safe location:

For TruCredential software versions 7.0, 7.1 and 7.2, the data location specified below is:
C:\Users\Public\Public Documents\Datacard\TruCredential

For TruCredential 7.2.1, the data location is: C:\ProgramData\Datacard\TruCredential

 data location\db

 data location\ldap

 data location\Documents

 data location\Photos

 data location\Signatures

 TruCredential Installation Location\properties

 TruCredential Installation Location\conf

 TruCredential Installation Location\keys

 TruCredential Installation Location\webapps

During the upgrade process, a backup of these files is also created at:
TruCredential Installation Location\UpgradeBackup\.

14 Installation
Install the New Version of TruCredential Software
Caution: Before proceeding, make sure that all users are signed out of the system.

Run the software installation program. A message indicates that you will upgrade to the newer
version of the software. Follow the instructions in the installation wizard to install the software.

The upgrade installation wizard detects which components of the software were previously
installed on the computer and installs the comparable newer components. For example, if the old
client and server software are installed on the computer, then the upgrade installs all
components of the software. Likewise, if only the older client software is installed, then only the
client software is upgraded.

Refer to the release notes for information about the differences between your prior version of
TruCredential software and this newer version.

Installation and Administration Guide 15

16 Installation
Chapter 3: Starting the
Software

This chapter describes the startup of Datacard TruCredential software.

Starting TruCredential Software for the First Time

After installation, the first time that you start TruCredential software must be done on the server
computer by the person who will be the system administrator for the software. The system
administrator must configure the system and create permissions for supervisors, operators, and
so on using the server computer. Refer to “Subsequent Sign-In Procedure” on page 18 for
information about signing in from a client computer. Also, refer to the Help for information about
creating users.

Caution: The system administrator must sign in for the first time on the server computer
or any remote browser that can access the server computer.
Caution: Disable the function that allows the browser to remember the sign-in
information. This preserves security on the system.

To start the software for the first time, do one of the following:

 If you selected to start the program after installation, then after installation is complete,
wait for the browser window to display and the software service to start.

 Single computer installation: select Start > All Programs > Datacard > TruCredential >
Sign In. Your browser opens to the sign-in page for TruCredential software.

 Multiple computer installation: open your browser and enter the URL of the TruCredential
server computer. Refer to “The Server Computer’s URL” on page 10 for assistance.

Regardless of the method you use to start TruCredential software, it takes longer to start
the first time, compared with subsequent times, because various services require time to
start.

Installation and Administration Guide 17

First-Time Sign-In Information
Refer to the TruCredential Software Online Help system for information about configuring the
system and getting it started for all users (operators, supervisors, designers, and other
administrators). There is a link on the home page of the Help system to initial startup tasks for the
system administrator. Print that page to track your progress through the tasks.

Follow the initial startup instructions in the Help system to enter and activate the
product key provided with your purchase documentation.

Subsequent Sign-In Procedure

To start the TruCredential software on the server computer or single-computer installation, use
the shortcut in the Windows Start menu:
Start > All Programs > Datacard > TruCredential > Sign in. A sign-in page displays.

Run the Software on a Client Computer

After the first time you have signed in to the software on the server computer, you can run the
software on any client computer. Refer to “The Server Computer’s URL” on page 10 for
assistance.

18 Starting the Software

Chapter 4: Uninstalling the
Software

This chapter provides information about uninstalling the TruCredential

software from your computer.

To uninstall TruCredential software, do the following:

1. Select Start > All Programs > Datacard > TruCredential > Uninstall_Datacard TruCredential
Suite Software. A wizard displays.
2. Follow the instructions in the wizard to uninstall the software.

3. Repeat this procedure on each computer for which you want to uninstall the software.

Installation and Administration Guide 19

20 Uninstalling the Software
Chapter 5: Administration
Reference

This section describes the general administration of the TruCredential

software, including database support and more.

HTTPS Mode
Steps to Get a Certificate From a Certificate Authority (CA)
Install the free OpenSSL tool from the Internet. Refer to https://www.openssl.org/.

From the location where OpenSSL is installed, open a command prompt or terminal session. Then
do the following:
1. Generate a private key.
openssl genrsa -out <server.key> 2048 -nodes

2. Convert the private key to PKCS #8 format.

openssl pkcs8 -topk8 -inform PEM -outform DER -in <server.key> -nocrypt > <pkcs8.key>

3. Generate the certificate request (CSR).

openssl req -new -key <server.key> -out <server.csr>

Installation and Administration Guide 21

Load the Certificate From a Certificate Authority (CA) into
TruCredential Software
1. Select the Settings > Settings > Application Settings > Settings tab.

2. For Transport Security, select SSL.

3. For Port, enter the number of any unused port.

Port 443 is the default for SSL, and it does not need to be specified in the URL. For
example, https://localhost/trucredential

4. Upload the certificate file that was received from a certificate authority.

5. Upload <pkcs8.key> as Private Key.

6. Click Save.
7. Restart the Datacard TruCredential Software service.

8. Navigate to https://localhost:<port_number>/trucredential, where port_number is the port

you selected in step 3 above unless you used the default 443 as mentioned in the note above.

22 Administration Reference
Connect a Printer to a TruCredential Software
Computer Using a USB Cable
On a TruCredential software computer connected to a printer using a USB cable, do the following:

1. Install the printer driver and verify that the printer is working.

2. In the Windows Devices and Printers list, right-click the printer’s icon and select Printer
Properties. The printer’s name is the value in the top-most field. Make note of this name.

3. Determine the IP address or computer name of your computer. Make note of this IP address
or computer name.

4. For the Windows Firewall, create an Inbound Rule to allow traffic on the client port. The
client port is the value (80, by default) that you entered during the installation of
TruCredential software on the computer.

5. Select Start > All Programs > Datacard > TruCredential > then right-click TruCredential and
select Run as administrator.

6. Sign in to the software.

7. Register the printer with the software using the following values:

Name Set this to a meaningful value, such as the name of the

computer on which this printer is attached.

Description (Optional) Describe the printer.

Model menu Select the printer’s model or Generic.

Device Name Set this to the value from step 2.

Client Address Set this to the value from step 3.

Client Port Set this to the value from step 4.

Installation and Administration Guide 23

Database Support
Connect to various databases to exchange data on demand. TruCredential software requires that
data mapping from an external database to the TruCredential software database matches exactly,
and the data types must also be the same.

The following databases are supported:

 H2 (this is, initially, the default data source)

 Microsoft Access 2010 database

 Microsoft Access 2013 database

 Oracle 11g R2 database

 Microsoft SQL Server 2008 R2 database

 Microsoft SQL Server 2012 database

For instructions about how to add, change, or delete a database, and how to change the default
database, refer to the online Help.

Create a New H2 Database

You can use the included H2 database server software to create a new database with a different
name than the internal TruCredential database.

Caution: If you create a new H2 database following this method, you must not use the
name “default”

The H2 URL format for the file: jdbc:h2:file:[filePath]TRACE_LEVEL_FILE=0;TRACE_

LEVEL_SYSTEM_OUT=0;
CIPHER=AES
(This requires a valid full filePath for the database).

Connect to the Microsoft Access 2010 Database

Refer to “Connect to the Microsoft Access 2013 Database” on page 25.

24 Administration Reference
Connect to the Microsoft Access 2013 Database
Select the option to enter the URL or properties.

Enter the URL

Enter the full URL:
MS-Access URL - value: jdbc:ucanaccess://[filePath]
(This requires a valid filePath for the database.)

Enter the Properties

Enter the full file path to the Microsoft Access database.

The Microsoft Access 32-bit or 64-bit drivers must match the software version that you
installed.

For TruCredential software to access the Microsoft Access database on a shared drive or
network drive, you must create an AD service account with full control over the folder
where the Microsoft Access database file is located.

The maximum size allowed for the Microsoft Access database file is 2 GB.

Connect to the Microsoft SQL Server 2008 Database

Refer to the information below.

Connect to the Microsoft SQL Server 2012 Database

Connect TruCredential software to an external Microsoft SQL Server 2012 database.

 Read data from a Microsoft SQL Server database record and write it to a corresponding
record in the TruCredential software database.

 Write a value from the TruCredential software database into a Microsoft SQL Server
(external) database.

Enter the URL

 Enter the full URL:

jdbc:sqlserver://[server]:[port];databaseName=[databaseName]
(This requires a valid server, port, and databaseName for the database).
 Enter the User ID, Password, and Verify password.

Enter the Properties

 Enter the server, port, and database name.
 Enter the User ID, Password, and Verify password.

Installation and Administration Guide 25

Deploy and Connect to the Oracle 11g R2 Database
Select the option to enter the URL or Properties:

Enter the URL

 Enter the full URL: Oracle’s JDBC Thin driver uses Java sockets to connect directly to Oracle.
There are two URL syntaxes: an old syntax that only works with an SID, and a new one that
works with the Oracle service name.

 Old syntax: jdbc:oracle:thin:@[HOST][:PORT]:SID

 New syntax: jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE

For the new syntax, SERVICE can be an Oracle service name or an SID.
Some drivers also support a URL syntax that allows you to put an Oracle user ID and
password in the URL:
jdbc:oracle:thin:[USER/PASSWORD]@[HOST][:PORT]:SID
jdbc:oracle:thin:[USER/PASSWORD]@//[HOST][:PORT]/SERVICE
A sample connect string with the service name orcl:
String url = "jdbc:oracle:thin:@//myhost:1521/orcl";
A sample with the instance name orcl:
String url = "jdbc:oracle:thin:@myhost:1521:orcl";
Find the SID/SERVICE name in the tnsnames.ora file.
Sample content from the tnsnames.ora file:
CC_ORACLE =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = CC_ORACLE)
)
)
CC_ORACLE =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))
(CONNECT_DATA =
(SID = CC_ORACLE)
)
)

 Enter the User ID, Password, and Verify password.

Enter the Properties

 Enter the server, port, and database name.

 Enter the User ID, Password, and Verify password.

26 Administration Reference
Configure the Delegated Authentication
Interface
The following properties control how delegated authentication works.
# External LDAP configuration
external.ldap.base.provider.url=

This property specifies the URL for an external LDAP in the format:
ldap://<host name or IP address>:<port number>

Specify one of the following properties, depending upon whether authentication must be done
via “userPrincipalName” or “samAccountName”:

 external.ldap.domain=

If you specify the external.ldap.domain property value, then “userPrincipalName” binding

and authentication is done. When this property is specified (for example:
external.ldap.domain=mycompany.com) then the search will be against:
<username>@<mycompany.com>

 external.ldap.base.dn

If you specify external.ldap.base.dn (for example, DC=<myCompany>,dc=com), then

“samAccountName” binding and authentication will be done. The value specifies the DN
from which the user account will be authenticated.

Change the Memory Assigned to the

TruCredential Java Virtual Machine (JVM)
1. In the Services window, select the Datacard TruCredential Software Service and click Stop.

2. From a command prompt, run “C:\Program Files\Datacard\AppContainer\bin\tomcat8w.exe

//ES/TRUCREDENTIAL”.

3. Click the Java tab.

4. Set the “Initial memory pool” value to the amount of memory to allocate to the software
when it starts.

5. Set the “Maximum memory pool” value to the maximum amount of memory used by
TruCredential software.

6. Click OK to save the changes.

7. In the Services window, select the Datacard TruCredential Software Service and click Start.

Installation and Administration Guide 27

Advanced Printer and Supplies Support
TruCredential software works with printers, ribbons, and card stock to provide support for many
advanced features that you can use to increase the security and utility of your cards. Specifically,
the following technologies are supported:

 Smart cards (refer to “Smart Cards Supported” on page 47)

 Emboss printing (using the Datacard® CE840™ instant issuance system)

 Indent printing (using the Datacard® CE840™ instant issuance system)

 Impress printing, which leaves a tactile impression on the surface of the card

 Multiple magnetic stripes per card

 Holograms (certain ribbons required)

 “Ghosting” of images
 Double lamination (certain printers required)

 Ultraviolet printing (certain ribbons required)

 Multi-hopper support (certain printers required)

 Card-in-flight operation (refer to “Support for Card-in-Flight Operation” on page 28)

Support for Card-in-Flight Operation

For printing non-smart cards, TruCredential software automatically supports card-in-flight
printing to compatible printers. This means that, as soon as one print job has been sent to the
printer, TruCredential software sends the next print job until the printer’s memory is full. For
example, a DPCL printer with multiple modules and sufficient memory can process up to three
cards at one time. This improves the card throughput rate on these printers.

28 Administration Reference
MIFARE Classic Card Support
If you are reading to or writing from the MIFARE Classic card, adjust the following timeout
properties as required to obtain successful results.

Default Time

Path and File Name Property Name New Time (Write In)

C:\Program Files\Datacard\ trucredential.server.dpi.response.timeout 60,000 ms

TruCredential\properties\
trucredential.properties __________ ms

C:\ProgramData\Datacard\ timeout.upperbound 30 s
Adaptive Issuance Suite\main\
SysConfig.ini ___________ s

C:\Program Files\Datacard\ perso.response.timeout.milliseconds 30,000 ms

TruCredential\webapps-dc\
dcpi-ws\WEB-INF\classes\ __________ ms
application.properties

Installation and Administration Guide 29

Password Security Levels
The administrator can set different levels of password security for the system.

There are three levels of password security that the TruCredential software administrator can set
for users and groups system-wide: low, medium, or high. The default level upon first installation
of the product is high security. Refer to “Change the Password Complexity Level” on page 31 to
change the level of security used by TruCredential software.

Low Security Password Requirements

 The new password must be at least five (5) characters long.

 The new password must not contain your user ID.

Note that passwords are not case-sensitive, so “ABC” is recognized as well as “abc” and “Abc”.

Note also that your password might expire after a period of days (180 days is the default).

Medium Security Password Requirements

 The new password must be at least six (6) characters long.

 The new password must not contain your user ID.

 You cannot use a password that has been used recently (within the last 1 through 100
password changes, as specified by your TruCredential software administrator).

 At least one character must be from each of the following categories:

 An uppercase European character A through Z, with a diacritic mark (Á for example) or
the sharp-s(ß), Greek (Δ for example), or Cyrillic (Ї for example).
 A lowercase European character a through z, with a diacritic mark (é for example) or the
sharp-s(ß), Greek (λ for example), or Cyrillic (Ї for example).
 A numeral (0123456789).

 Any non-uppercase or -lowercase alphabetic Unicode character, including Asian language

characters (฿ for example).

Note that passwords ARE case-sensitive, so “ABC” is different from “abc” and “Abc”.

Note also that your password will expire after a period of days (180 days is the default).

30 Administration Reference
High Security Password Requirements
 The new password must be at least eight (8) characters long
 The new password must not contain your user ID.

 You cannot use a password that has been used recently (within the last 1 through 100
password changes, as specified by your TruCredential software administrator).

 At least one character must be from at least three (3) of the following categories:

 An uppercase European character A through Z, with a diacritic mark (Á for example) or

the sharp-s (ß), Greek (Δ for example), or Cyrillic (Ї for example).

 A lowercase European character a through z, with a diacritic mark (é for example) or the
sharp-s (ß), Greek (λ for example), or Cyrillic (Ї for example).

 A numeral (0123456789).

 A non-alphanumeric character: ~!@#$%^&*_-+=`|(){}[]:;"'<>.?/

 A non-uppercase or non-lowercase alphabetic Unicode character, including Asian

language characters (฿ for example).

Note that passwords are case sensitive, so “ABC” differs from “abc” and “Abc”.

Note also that your password will expire after a period of days (180 days is the default).

Change the Password Complexity Level

To change the level of complexity for user passwords, follow this procedure.
1. Go to the installation location InstallPath\webapps\trucredential-server\WEB-INF\
classes\. Where “InstallPath” is the location where you installed TruCredential
software.

2. Right-click the file passwordPolicies.xml and select Open with > Notepad.
3. On the third line of the file, change the value of “DefaultPolicy” from “High” to “Low” or
“Medium”, depending on your requirements.
4. Save and close the file, and then restart the TruCredential software server. The new password
policies apply to any passwords set from that point onward.

Installation and Administration Guide 31

Automatic Sign-Out Due to Inactivity
For security purposes, the administrator can set a time out to occur for all users that are signed in
to the TruCredential software system but who have not used it for a specified period of time. If
your TruCredential software has been idle for the specified period of time, a message displays
that you are about to be signed out. If you do not respond to the inactivity sign-out message
within a period of time, the TruCredential software signs you out and, to resume work, you must
again sign in to TruCredential software.

Caution: Any unsaved work in progress when a system sign-out occurs is lost.

To configure this session time-out period, refer to the online Help section for administrators to
manage the automatic sign-out due to inactivity (in the software, click Settings > Settings >
Application Settings).

32 Administration Reference
Known Issue with the Chrome Browser’s Support
of Languages
In the Chrome browser, setting any of the following as the first, primary language does not
immediately result in a change in the TruCredential software’s display language: Japanese,
Spanish (Latin America), and Dutch. To display these languages, follow this procedure for your
language (Japanese is used for example purposes):

1. In Chrome’s Settings panel, click Show advanced settings, scroll to Languages and click
Language and input settings.
2. In the Languages dialog box, click Add and select Japanese from the list of languages. Click
OK.
3. Click and drag Japanese to the top of the list of languages. Click Done.

4. Close the Chrome browser.

5. Navigate to c:\Users\UserID\AppData\Local\Google\Chrome\User Data\Default, where

UserID is your user ID on the computer.

6. Open the Preferences file using Notepad or another text editor.

7. Search for “accept_languages”.

If “accept_languages” is not present, make sure that you completed step 1 through
step 4 before continuing this procedure.

8. Edit the entry’s comma-separated values list, making sure that “ja-JP” is the first entry. For
example:
{"accept_languages": "ja-JP,en-US,en"}

Enter the code for your language in the accept_languages entry, instead of what was
originally listed, as follows:
Japanese: ja-JP
Spanish (Latin America): es-LA
Dutch: nl-NL

9. Set the file properties for the preference.js file for the Chrome browser to Read Only to
prevent external modification of this file by the user.

Run TruCredential software in the Chrome browser. The interface displays the selected preferred
language.

Installation and Administration Guide 33

Troubleshooting
General Issues
When starting TruCredential software, “This page can’t be displayed”

The most common causes of this message are:

 The server is not running. Resolve this by starting the Datacard TruCredential software server
in Window Services.

 If you are running in a multiple computer environment, the Windows Firewall must be
configured on the server. Refer to “Firewall Settings” on page 39.

 The port entered in the URL is incorrect or missing. This is generally caused by importing
workflows with their application settings, which reset the port value. To resolve this:

a. Find the port value in C:\Program Files\Datacard\TruCredential\ conf\server.xml. Open

the file using a text editor such as Notepad.

b. Find the line: <Service name=“CatalinaTruCredential”>. Below it, find the line:
<Connector.... then find the text Port=NNNN. Where NNNN is the port number to use.

c. In a browser’s address bar, enter http://localhost:NNNN/trucredential. Refresh the

browser to verify that the issue is solved.

34 Administration Reference
 You Cannot Capture a Photograph, Signature, or Document

If you cannot capture an image, either using a capture device or by importing a file, a message
indicates that you are unable to capture a photograph. To resolve this issue:

1. Make sure that the Datacard Capture Manager service is running by looking for the Datacard
Capture Manager service icon in the system tray. Expand the system tray to view all of the
services.

2. If the service is running, click the service icon . A status window indicates that the service
is running or it displays an error. Record any error in case you must contact support.

3. Click the Close button in the upper-right corner. This stops the service and removes the icon
from the system tray.
4. Select Start > All Programs > Datacard > Capture Manager. Right-click the Service application
and select Run as administrator. Verify the status of the Capture Manager Service.
5. (Optional) Click Hide to suppress the display of the Capture Manager Service.

6. Repeat step 2 to determine if the Datacard Capture Manager service is now running properly.

7. If the service is running, capture an image in TruCredential software. If no error displays, the
issue is resolved.

8. If the issue is not resolved, restart the computer and repeat this process.

You Cannot Print to a Registered USB-Connected Printer

In this situation, the printer connects to a client or server-client computer using a USB connection
and it is properly registered with TruCredential software, yet it does not print.

To remedy this, make sure that the printer driver is installed on the computer.

Specific Messages
“The selected fields have incompatible data therefore they cannot be connected”

If you get this message when mapping fields, the data type in one field is not identical to the data
type in the other field, therefore you cannot connect them. The types of data cannot be mixed.

“Error occurred while retrieving enrollments”

Your search might be on an incompatible field. Read the log file for more information. The log is
at install path\TruCredential\logs\trucredential-stdout.YYYY-MM-DD.log, where install path is the
path to which you installed TruCredential software (C:\Program Files\Datacard by default)
and YYYY-MM-DD is today’s date.

Installation and Administration Guide 35

Contact Entrust Datacard Customer Service
Go to entrustdatacard.com/support for information about technical support in your region. For
hardware support, have your product model and serial number available. For software support,
have the software version number and product key available. Refer to the shipping documents or
the software to retrieve this information.

36 Administration Reference
Chapter 6: Specifications

This section describes detailed specifications for the TruCredential

software.

System Requirements
Basic Requirements
Refer to “System Requirements” on page 2 for basic system requirements.

Ports Used by TruCredential Software

The table below lists the ports used by TruCredential software.

In some cases, the port number must be changed to allow the client computers, for instance, to
access the server computer, or other components of your system to interact. Refer to “Firewall
Settings” on page 39 for instructions.
for Firewalls?
Must Change

Port Used
Default (Write
Product/Component Port Number) Configuration Method

TruCredential Server 80 Yes In the TruCredential software, click the Settings

button then select Settings.

TruCredential 10489 No 10489 (Not configurable.)

Embedded LDAP

Datacard Capture 8000 Yes 1. Go to INSTALL_PATH/CaptureManager/bin/

Manager software (on Capture Manager XML Config.
a computer) 2. Change the port number XX in the following
string as required:
trucredential.client.capturemanager.port=XX
3. Go to INSTALL_PATH/properties/
trucredential.properties.
4. Repeat step 2.

Installation and Administration Guide 37

 for Firewalls?
Must Change
Port Used
Default (Write
Product/Component Port Number) Configuration Method (Continued)

DPI Server for Full or 9443 No 1. Go to INSTALL_PATH/properties/

Server installation trucredential.properties.
type 2. Change the port number XX in the following line
as required: trucredential.server.dpi.port=XX
3. Go to INSTALL_PATH\conf\server.XML.
4. Repeat step 2.

DPI for Client 9443 Yes During installation: Select the port during client
installation type installation.
After installation: Select the port during USB
printer configuration. Refer to the TruCredential
Software Online Help system for details.

SCDI (for Full or Server 16000 No Java system property

installation type) scdi.port

SCDI (for Client 16000 Yes Java system property

installation type) scdi.port

SCS Communication 10000 No Change the Windows environment variable SCS_

Controller CONFIG_FILE that is pointing to the SysConfig.ini
file. The default path is: C:\ProgramData\Datacard\
SCS\main\SysConfig.ini.

SCS Trace Server 11221 No Edit the Sysconfig.ini file on your computer.

JobManagement 11299 No Edit the Sysconfig.ini file on your computer.

AppEdlPort

JobManagement 11298 No Edit the Sysconfig.ini file on your computer.

AppPort

HostComm 11400 No Edit the Sysconfig.ini file on your computer.

ControllerPort

EmbeddedComm 11450 No Edit the Sysconfig.ini file on your computer.

ControllerPort

ObjComm 11550 No Edit the Sysconfig.ini file on your computer.

ControllerPort

DataAccessComm 11219 No Edit the Sysconfig.ini file on your computer.

ControllerPort

Application 11208 No Edit the Sysconfig.ini file on your computer.

InstancePort

38 Specifications
 for Firewalls?
Must Change
Port Used
Default (Write
Product/Component Port Number) Configuration Method (Continued)

LegacyNkPort 1500 No Edit the Sysconfig.ini file on your computer.

TransactionPort 15001 No Edit the Sysconfig.ini file on your computer.

Firewall Settings

If specified in the table above, you need to change the firewall settings to permit access between
computers.

To create a rule in Windows Firewall to allow client computers to access a server computer:
1. On the server computer, open the Control Panel.

2. Open Windows Firewall and click Advanced Settings.

3. On the Windows Firewall with Advanced Security window, click Inbound Rules.

4. On the Inbound Rules window, click New Rule.

5. Click Port for the type of rule that you are creating and then click Next.

6. Click TCP for the protocol and enter the port number that you used in the Specific local ports
box during the installation process.

7. Click Next. Click Allow the connection for the action.

8. Click Next. For the profile, select Domain, Private, or Public, depending on what you want to
allow. Click Next.

9. Enter TruCredential Software for the name of this rule. Click Finish. The rule displays in the
list.

Installation and Administration Guide 39

TruCredential Software’s Windows Services
The following Windows services are installed by TruCredential software:

Services for a Full Installation

 Datacard Capture Manager

 Datacard SCS Communicator Controller
 Datacard Software License Server
 Datacard Trace Server
 Datacard TruCredential Database
 Datacard TruCredential Software

Services for the Server Installation

 Datacard SCS Communicator Controller

 Datacard Software License Server
 Datacard Trace Server
 Datacard TruCredential Database
 Datacard TruCredential Software

Services for the Client Installation

 Datacard Capture Manager

 Datacard TruCredential Software

Entrust Datacard-Brand Printers Supported

To display the supported printers, do one of the following:

 On a TruCredential software page, click Settings > Settings. Click Printers > Create >
Model. The list of supported printers displays.

 Refer to your product release or purchase documents.

No financial instant issuance (FII) printers are supported: CD820, CR825, CD825, CR500,
CE870, or CE875. Printing to any such printer fails.

40 Specifications
Card Stock Sizes Supported
Card Dimensions: Width × Height

ISO ID-1 3.3750 × 2.1250 inches (8.5725 × 5.3975 centimeters)

CR-50 3.5000 × 1.7250 inches (8.8900 × 4.3815 centimeters)

Custom size Any dimensions that you specify that are supported by your
supported printer.

Paper Sizes Supported by the Report Designer

Paper Size Size in Inches Size in Millimeters

Junior Legal 8×5 203 × 127

Government-Letter 8 × 10.5 203 × 267

Letter 8.5 × 11 216 × 279

Legal 8.5 × 14 216 × 356

Tabloid 11 × 17 279 × 432

Ledger 17 × 11 432 × 279

A0 33.110 × 46.811 841 × 1189

A1 23.386 × 33.110 594 × 841

A2 16.535 × 23.386 420 × 594

A3 11.693 × 16.535 297 × 420

A4 8.268 × 11.693 210 × 297

A5 5.827 × 8.268 148 × 210

A6 4.134 × 5.827 105 × 148

A7 2.913 × 4.134 74 × 105

A8 2.047 × 2.913 52 × 74

Custom (User-specified) (User-specified)

Installation and Administration Guide 41

Supported Image Formats
The following formats are supported for images saved in 24-bit RGB (color) that do not have
transparency applied to them:

File Type Abbreviation

Windows bitmap BMP

Graphics interchange format GIF

(non-animated files only)

JPEG JPEG

JPEG 2000 JPEG 2000

Portable network graphic PNG

Scalable vector graphic SVG

Tagged image file format TIFF

TruCredential software does not support 1-bit (monochrome), 32-bit CMYK images,
images with transparency, or images that are not saved in 24-bit RGB (color) format.

42 Specifications
Supported Capture Devices or Data Sources
Photographs Signatures Documents
 Importing a file  Importing a file  Importing a file
 Canon DSLR cameras
*  Topaz signature pads  TWAIN-obtained scans
 DirectShow-compatible  The AssureID system
webcams  SnapShell R2
 TWAIN-obtained scans

* Refer to “Required Canon DSLR Camera Settings” on page 43.

Required Canon DSLR Camera Settings

Configure the Canon DSLR camera that you will use as follows:

Camera Function Required Setting

The Live View function settings > Live View Shoot Enable

Auto-rotate option Off

LCD off/on button > Shutter button Shutter/DISP

Auto power off option Off

Mode P (Program)

Installation and Administration Guide 43

Additional Support
Printer Supports Windows
Installation Connection Smart Account
Operating Systems Type Type Cards Service

 Microsoft Windows 7 Full  Network Yes Default

 Microsoft Windows 8.1  Non-HIF USB
 Microsoft Windows 10
 Microsoft Windows
Server 2012 R2

 Microsoft Windows 8.1 Full HIF USB Yes An account

 Microsoft Windows 10 that is part of
the Windows
 Microsoft Windows Administra-
Server 2012 R2 tors group
 Microsoft Windows 7 Full HIF USB No

 Microsoft Windows 7  Client/ Network Yes Default

 Microsoft Windows 8.1 Server
 Microsoft Window 10  Multiple
Computer
 Microsoft Windows Mode
Server 2012 R2

 Microsoft Windows 8.1  Client/ HIF USB Yes  Server:

 Microsoft Windows 10 Server Default
 Microsoft Windows  Multiple  Client: An
Server 2012 R2 Computer account
Mode that is
part of the
 Microsoft Windows 7  Client/ HIF USB No Windows
Server Administ-
 Multiple rators
Computer group
Mode

44 Specifications
Databases
Refer to your product sales or release documents for the list of supported databases.

The TruCredential field connector tool supports connections to database views and synonyms
(except for H2 databases), and it supports the columns from all external tables in the H2,
Microsoft SQL Server, and Oracle R2 databases. Certain limitations for views and synonyms exist
that are limitations of the databases themselves.

Installation and Administration Guide 45

Bar Codes Supported
Bar Code Name Valid Characters Non-Valid Characters

Code 39 0123456789[Space]ABCDEFGHIJKL @,!,~,#,^,&,*,(,),<,>,?,;,:,",',{,},[,],|,

MNOPQRSTUVWXYZ-.$/+% \,`,=,,,_

Code 39 extended 0123456789[Space]ABCDEFGHIJKL @,!,~,#,^,&,*,(,),<,>,?,;,:,",',{,},[,],|,

MNOPQRSTUVWXYZ!#$%&'()*+,-./ \,`,=,,,_
:;<=>?@[\]^_`
abcdefghijklmnopqrstuvwxyz{|}

Code 93 0123456789[Space]ABCDEFGHIJKL @,!,~,#,^,&,*,(,),<,>,?,;,:,",',{,},[,],|,

MNOPQRSTUVWXYZ-.$/+% \,`,=,,,_

Code 93 extended 0123456789[Space]ABCDEFGHIJKL @,!,~,#,^,&,*,(,),<,>,?,;,:,",',{,},[,],|,

MNOPQRSTUVWXYZ-.$/ \,`,=,,,_
+%!#&'()*,:;<=>?@[\]^_`
abcdefghijklmnopqrstuvwxyz{|}~

Codabar 01234567890-$:/.+ @,!,~,#,^,&,*,(,),<,>,?,;,%,",',{,},[,],

|,\,`,=,,,_

EAN-8 0123456789 All uppercase and all lowercase

characters; all symbols.
EAN-13

UPC-A

UPC-E

Code 128 - Auto The complete ASCII character set, (None.)

including control characters.
Code 128 A

Code 128 B

Code 128 C

46 Specifications
Smart Card Support
Smart Cards Supported
TruCredential software supports personalization, encoding, configuration, and adding a smart
card chip field to the following smart cards:

Smart Cards Supported Scenarios Supported

 MiFARE Classic  Network-connected printers on Microsoft Windows 7,

 MiFARE DESFire EV1 Windows 8.1, Windows 10, and Windows
Server 2012 R2 operating systems
 HID Prox
 USB-connected printers on Microsoft Windows 8.1,
 IClass Windows 10, and Windows Server 2012 R2 operating
systems

Chip Readers Supported

 DUALi (single-wire)

 DUALi (two-wire)

 PCSC (SCM or Identiv and can be single-wire or two-wire)

 RFIdeas

Proximity Card Support

Proximity Cards Supported
 iClass
 Prox

Card Readers Supported

 RFIdeas

Installation and Administration Guide 47

48 Specifications
Chapter 7: Glossary

The following terms have specific meanings within the TruCredential

software environment and in this document.

ABA. American Bankers Association.

AFIS. Automated fingerprint identification system.

APM. Access point manager.

ASCII (American Standard Code for Information Interchange). A standard for processing
information in computer processors. An 8-bit character set of 255 decimal numbers, each
assigned to numbers, letters, punctuation, and characters.

audit log. TruCredential software creates audit logs containing detailed system behavior
information for use by Entrust Datacard technical personnel in troubleshooting any problems you
might have with your system.

Background layer. When designing a card, this is the layer that displays behind all other layers.
Often the background layer contains a solid color, a photograph, or no content at all.

back up. The process of making a copy of something, such as a computer file or data, to protect
against unintentional loss.

bar code. A series of alternating black and white stripes, of varying widths (each character
denoted by a set number and width of black stripes) that allows characters to be optically read by
a computer.

Black layer. On a direct-to-card printer, this layer uses the "K" panel of the printer’s ribbon, which
is typically, though not always, black in color.

BMP. An image format.

card serial number (CSN). A unique number associated with a card. Typically card serial numbers
are printed on the card in human-readable format, although sometimes they are located within a
smart card chip or magnetic stripe that can only be read by a certain type of card reader.

card-in-flight operation. Operation of a printer that has one or more modules, such as an
embosser or laminator, which can process multiple cards at one time. For example, a DPCL
printer with two laminator modules can process up to three cards in parallel by printing one card

Installation and Administration Guide 49

 while laminating a second and third card at the same time. The printer’s available memory
determines the number of print jobs that it can process at one time.

card design template. A card design that is predefined with default fields. You can use it as it is or
modify it to suit your requirements.

card stock. The actual cards that you are using to print the card design on. Some cards have
features such as magnetic stripes, embedded circuits, or pre-printing on them.

checksum. Also called check digit, it’s an extra character added to a bar code to make sure that it
is accurate.

Codabar. A bar code encoding type.

coercivity. (1) Also known as coercive field, coercivity is the measure of a ferroelectric/
ferromagnetic material’s ability to stand up to an external magnetic or electric force. It is
measured in ampere/meters or oersteds. (2) The property of a magnetic stripe that indicates the
amount of force required before magnetic saturation, measured in Oersted (Oe).

Color layer. This is the default layer on the front side of the card upon which the full-color design
is done on a particular card.

configured devices. Supported devices that have been configured and prioritized to work with a
TruCredential software installation.

CPI. Characters per inch.

CR. A card type.

CR-100. A card dimension standard of 2.625 X 3.875 (+/-0.002 W, +/- 0.005 L) or 66.675 X
98.425 mm.

CR-79. A card dimension standard of 2.0625 L X 3.3125 W (+/-0.002 W, +/-0.005 L) or 52.400 X

84.150 mm.

CR-80. A card dimension standard of 2.125 X 3.370 (+/-0.002 W, +/- 0.005 L) or 53.975 X
85.598 mm.

CR-90. A card dimension standard of 2.375 X 3.625 (+/-0.002 W, +/- 0.005 L) or 60.325 X 92.075
mm.

credential. In this context, a card or badge that grants an individual the access rights to a location
such as an office building, credit or monetary charging rights, or other rights based on assertion
of their identity as verified by their possession of a card or badge.

CSN. Refer to “card serial number.”

CSV file. A comma-separated value file, meaning that a comma follows each unit of data.

CVC. Card verification code.

50 Glossary
 darkness. A reference to color saturation.

data source type. A type of database used by a TruCredential software installation. For example,
the Microsoft SQL Server or Oracle database.

direct-to-card (DTC) printing—Printing technology in which an image is deposited directly onto a

card using different colors of ribbons.

dithering. (1) The process of creating an image semi-transparently, either partially or in whole, by
using small dots of ink in varying densities. Dithering can be used to create a grayscale effect by
taking a single color and dithering it more to get lighter shades of it or less to get darker shades to
approximate the average level of that color in the original image. This dithering process is what
newspapers do to get rich depth in their images using just black ink. (2) A system of distributing
dots to control the hue, brightness, and/or saturation. In monochrome printing, this controls the
brightness. In color printing, dithering can supply a larger color gamut than non-dithering. In the
printer driver, dither modes can be selected to provide better image quality depending on the
type of image to be printed.

dot pitch. A measurement of image sharpness denoting the width of the dots that makes up a
pixel. The smaller the dot pitch is, the sharper the image will be.

dot. The smallest unit of an image that the printer is able to produce. The smaller the dot is (refer
to dot pitch), the sharper the image will be.

DPI. Desktop printer interface.

DPI (dots per inch). A measurement of the printer resolution indicating the number of dots that a
printer can produce in one linear inch.

DTC. Direct-to-card.

DUALi. A manufacturer of smart cards and related products.

duplex printing. Personalization on the front and the back of the card.

E-card. An abbreviation for electronic card. A generic term that refers to any card with a built-in
electronic device, such as the smart card or proximity (prox) card.

EAN-8. An encoding type.

edge-to-edge. Refers to the maximum printable area on a card resulting in printed cards with
virtually no border.

emboss. The process and result of raising part of the surface of a card off from the rest of the
surface to create raised lettering or design.

encoder, smart card. An electro-mechanical interface to transfer data from a computer to a chip
or magnetic stripe built into a card.

Installation and Administration Guide 51

 enroll. The process of making, or accepting someone as, a member of or participant in
something.

export. To transfer data into a format that can be used by another TruCredential software
installation.

film. A thin, flexible, transparent sheet used to carry dye-impregnated material or resin to be
transferred to the card.

FIPS. A card type; federal information processing standard.

font. A character set similar in style and form. Fonts can be graphical or mathematical constructs,
represented by a series of dots or an assembly of curves and lines.

FR. Facial recognition.

full bleed. Printing that can cover the entire card surface.

ghosting. Refer to “transparent” on page 56.

GIF. Graphics interchange format, a standard image format.

grayscale. A graduation through the various brightness levels from white to black.

halftone printing. A process in monochrome printing that simulates continuous tone by using
changes to the distribution of single dots. Increasing the number of dots in a given area increases
the darkness even though the individual dots are the same size.

HIBC. An encoding type.

HiCo (high coercivity). The coercivity value of magnetic media between 2500 - 4000 Oe
(ISO 7811-6). Most high-coercivity cards are 2750 Oe.

HSM. Hardware security module.

IAT. This is a format for the three-track magnetic stripe on cards. It comprises the default data
formats—IATA, ABA, and TTS. This format is also called ISO format.

IATA. International Air Transport Association.

iClass chip. Embeddable read or write contactless smart card technology from HID. It can be used
for many applications, including personnel access control, public transportation, cashless
vending, biometrics, customer loyalty programs, and airline ticketing. A 13.56 MHz chip.

ID. An abbreviation for the word “identification.”

image. A collection of pictures or graphical elements that compose the visual features on a card.
Also refers to the digital representation.

import. The process of taking in specially formatted data that can be used by the TruCredential
software installation.

52 Glossary
 indent. The process and result of lowering part of the surface of a card off from the rest of the
surface to create a lowered lettering or design area.

inhibit (panel). The inhibit (or “I”) designation of a ribbon under YMCI, YMCKI, and YMCKIKI
indicates the ability to prevent the transfer of film to the card surface. Users can select these
ribbon types to prevent film from transferring over security features, signature panels, or other
areas of interest on the card surface.

JPEG. Joint Photographic Export Group, an image format.

JPEG 2000. Joint Photographic Export Group, an image format.

K Panel. An area of a multicolored ribbon (for example, YMCK) that contains black resin for
transfer to the card surface. Also used in reference to the application of preference to items
printed on the card—those using the black panel in lieu of a process (YMC) black.

lamination. The application of a film or resinous substance, fused by heat and pressure, to the
surface of a card.

Lamination layer. The top-most layer that can be applied to a card, the Lamination layer serves
both to protect the design underneath from tampering and to seal it from damage by the
elements.

landscape. A document layout that is viewed with the document’s long axis in a horizontal
orientation.

layer. A layer can be a color, such as black, or it can be something that is applied to a card, such
as lamination or ultraviolet material.

LDAP. Lightweight Directory Access Protocol.A software protocol for enabling anyone to locate
organizations, individuals, and other resources such as files and devices in a computer network,
whether on the public Internet or on a corporate intranet.

magnetic stripe (MS). (1) A band of material that can be placed on a card to encode information
onto the card. (2) An area of the card with an applied or impregnated ferrous material that can
hold encoded data through a series of prescribed polarity changes.

Magnetic Stripe layer. This layer symbolically represents the fact that the card stock that is
loaded into the printer contains a magnetic stripe. This layer is programmed with the information
that the printer encodes on that magnetic stripe and in what format.

MIFARE Classic card. A brand of smart card that is available with 1KB, 2KB, 4KB, and 8KB memory
capacities. Parameters and security settings for this card are configured using a workflow step
and the resulting data is made available in the system workflow.

monochrome. An image composed of a single color.

MS. Magnetic stripe.

Installation and Administration Guide 53

 network. A series of computers connected by data transfer cable for communication and sharing
of functions and peripherals.

NFC. Near-field communication.

Non-Printable Area layer. This layer supersedes all other layers and allows the designer to
designate areas where there must be no printing on the card, for example over a manual
signature line or a magnetic stripe.

non-sponsored visitor. A visitor who does not have a sponsor but has a legitimate reason for
visiting.

opaque. Refer to “transparent” on page 56.

PACS. Physical access control system.

PACS interface. The information required to connect to a physical access control system (PACS).

PCI. Payment card industry.

PCX. An image format.

peripheral. Any device that is attached externally to a computer. These often share the same
data cable or port as a printer and can be the source of communication problems.

PII. Personally identifiable information.

PIN. Personal identification number.

PNG. Portable network graphic, an image format.

port. A communication interface, serial or parallel, used for the transference of data. Includes
USB and Ethernet.

portrait. A document layout that is viewed with the document’s long axis in a vertical
orientation.

pre-enroll. The process of pre-populating some of the data necessary for checking in an
applicant. For example, someone visiting a building can pre-enroll to enter that building by
providing their name, address, and other information online before they arrive to save time at
check-in.

primary data source. The default data source to and from which all TruCredential software data
is written.

print driver. A software utility that serves as an interface between the printer and the Windows
graphical device interface (GD), making the printer’s functions available through the software
application. It also provides the format information for rasterizing the print file, including any
necessary escape or function commands.

54 Glossary
 print job. A file of one or more cards for the printer to print, including image data and printer
functions, transmitted through the parallel interface and at times stored temporarily in the print
buffer and spooler.

print server. A device used to connect and control a printer on a network.

proximity (prox) card. A card that allows physical building access and tracking using contactless
technology, usually by communicating through a built-in antenna.

PSD. An image format (Adobe Photoshop Drawing).

queue. A sequence of files or sets of data awaiting transmission or processing.

report. A list of visitors, employees, persons who were granted cards, or another type of chart
providing data to a supervisor. Reports can be used for audit purposes.

resin. A semi-solid material.

resolution. The number of individual pixels in a graphic, taken over a given length, used to
indicate the sharpness of the picture and the level of detail. The number of elements in the
printhead determines printer resolution.

saturation. A measure of the degree of color, from gray, with the same brightness.

SC. Smart card.

SCDI. Smart card device interface.

SID. Secure ID.

slap fingerprint scan. Also known as four-finger simultaneous plain impressions. The fingerprints
on all four fingers of one hand are scanned at one time (in one image) and then software
separates the image into different images for each finger.

smart card. (1) Any card, typically made of plastic, with embedded integrated circuits that
provides security authentication, identification, data storage, or application processing. Examples
are a chip card or integrated circuit card (ICC). (2) Smart cards have an embedded computer
circuit that contains either a memory chip or a microprocessor chip. There are several types of
smart cards: memory, contact, contactless, hybrid (twin), combi (dual interface), proximity, and
vicinity.

SN. Serial number.

static text. Static text is text that does not change from card to card; every card you print from
this card design contains this text.

supported devices. Devices that are compatible with TruCredential software. Examples include
cameras, signature pads, document scanners, and chip card readers.

Installation and Administration Guide 55

 system dashboard. A display that shows the status and relevant metrics of the TruCredential
software all in one reference place.

template. An example that can be used to make similar or identical cards or workflows in the
TruCredential software. Refer to card design template or workflow template.

text. In contrast with static text, text can be changed with each printed card. Examples of text are
a name, ID or account number, and telephone number.

TGA. An image format.

thermal acceptance composite (TAC) cards. Card stock produced by laminating sheets of PVC
with sheets of PET for better thermal distortion resistance. Ultra III cards.

thin film overlaminate. A 0.25-mil thick resin material that enhances card security and durability
applied over the printed surface with a hot roller. Available as clear or with embedded
holographic-type security images.

TIFF. An image format.

time-out. An interruption of a print job that occurs when a function is not completed in the time
allotted by the operating system.

token crop. Processing a photographic image so that it can be used in machine-readable travel
documents. Token crops are defined by INCITS (International Committee for Information
Technology Standards) standards. In other words, token crops are a sample of the whole image.

topcoat. A clear protective material that helps to protect a printed card from damage and from
tampering.

track. The area on a magnetic stripe designated to contain the magnetic data string.

track type. On a card with a magnetic stripe, the kind of track or stripe used. For example, NTT or
IAT.

transparent. The property of being easy to see through.

TTS. Thrift Third Standard.

UID—unique identifier. Most smart card technologies include a pre-encoded unique identifier on
the chip.

Ultraviolet layer. A transparent layer that contains material that reacts by changing color under
ultraviolet light. This is typically used as a security feature.

watch list. A list of persons who must not be granted access to a facility. AFIS is one example of a
watch list.

WMF. An image format.

56 Glossary
 workflow design. The process of defining the steps, in order, that the operators must take to
create a particular credential.

workflow template. A workflow that was pre-designed with default steps. You can use it as it is or
modify it to suit your requirements.

zoom. You can zoom, or change the viewing magnification, from 100% to 500% of the actual
design size in 50% increments.

Installation and Administration Guide 57

58 Glossary