HID Global ActivID
HID ActivID is an enterprise authentication and credential-management product family centered on the ActivID Authentication Server/Appliance (IdP for SAML 2.0 and OpenID Connect/OAuth 2.0) and the HID Credential Management System (CMS, formerly ActivID CMS) for smart cards/keys/TPM/mobile credentials. It delivers MFA (HID Approve push/OTP, tokens, smart cards) and FIDO options, with on-prem/virtual deployment; HID also offers a cloud Authentication Service with OIDC and SCIM.
Key Capabilities
- Standards-based IdP: ActivID IdP exposes SAML 2.0 and OpenID Connect protocol endpoints for third-party SPs/relying parties.
- Broad MFA choices: HID Approve (push/OTP), one-time password tokens, smart cards, and device credentials; self-service enrollment and branding/customization for the portals.
- FIDO options: ActivID AS documents FIDO U2F enrollment/authentication; HID’s portfolio and cloud Authentication Service document FIDO/WebAuthn (passkeys) support and Crescendo keys.
- Credential lifecycle (PKI): HID CMS (formerly ActivID CMS) manages issuance and lifecycle of credentials (smart cards, keys, TPM, mobile) that enable workstation logon, VPN/app access, and digital signing/encryption.
Limitations
- On-prem operations: ActivID Server/Appliance is customer-operated (HA, patching, certificates, backups); consider HID’s Authentication Service if SaaS delivery is required.
- SCIM on premises vs. cloud: Detailed SCIM documentation is currently clearer for HID’s cloud Authentication Service than for the on-premises product.
- Not an IGA suite: ActivID focuses on authentication/federation and credential lifecycle; governance (access reviews/SoD) is out of scope.
- Advanced OAuth profiles: Public documentation does not show support for PAR, DPoP, or mTLS-bound tokens in ActivID AS; assess your requirements if you need FAPI-grade profiles.