How NextgenID and Intercede partnered with a contractor to modernize credential issuance for a distributed federal workforce
Key Insights:
Objective: Replace an appointment-only, facility-bound credentialing model with a scalable, distributed identity ecosystem supporting IAL3-compliant, self-service enrollment and full credential lifecycle management.
Solution: Deploy Intercede’s MyID Credential Management System as the authoritative lifecycle backbone, paired with NextgenID’s multi-form-factor Identity Stations for self-service, remotely supervised IAL3 identity proofing and enrollment nationwide.
Business Outcomes:
- Travel requirements for field credentialing were eliminated, reducing cost and logistical burden on distributed personnel
- Time-to-credential and appointment backlogs were reduced across distributed sites
- HSPD-12, FIPS 201, and NIST SP 800-63 IAL3 compliance maintained with audit-ready lifecycle management across credential types
- On-demand enrollment made available across kiosk, desktop, and mobile form factors without scheduling requirements
CHALLENGE:
Scaling Identity Proofing and Credential Issuance Across a Distributed Federal Workforce
A major U.S. federal department responsible for security-sensitive operations was struggling with a credentialing infrastructure that had not kept pace with the geographic dispersal of its workforce. Identity proofing and credential issuance relied on appointment-only, in-person facilities, a model that worked in a centralized environment but proved increasingly unworkable as thousands of employees and contractors were distributed across domestic and international field locations. Compliance obligations under HSPD-12, FIPS 201, and NIST SP 800-63 remained fixed, but the operational reality on the ground had changed significantly.
Four interconnected problems had emerged that existing tools and internal processes could not adequately address:
- Decentralized credentialing access: Remote personnel often needed to travel significant distances, at considerable agency cost, to complete face-to-face identity proofing and credential issuance.
- Long processing cycles: Appointment-only scheduling and limited facility capacity extended onboarding timelines, delaying mission readiness across the enterprise.
- Fragmented workflows: PIV smart cards, mobile credentials, and USB tokens each operated under separate issuance workflows, creating administrative complexity and inconsistency in how credentials were managed and tracked.
- Compliance pressure: Meeting IAL3 requirements under NIST SP 800-63 demanded comprehensive audit trails and lifecycle traceability across all credential types, a standard that is difficult to sustain within a fragmented, facility-dependent model.
SOLUTION:
A Unified, Managed Identity Ecosystem Built for Federal Scale
The department engaged a contractor to design and deliver a modernized identity ecosystem. This contractor brought together two specialized vendors: Intercede for credential lifecycle management and NextgenID for distributed, self-service identity proofing, whose respective platforms were purpose-built for federal compliance environments. The resulting architecture allowed the department to extend its credentialing capability to the field without replacing existing infrastructure or rebuilding established PKI and IDMS integrations.
- Intercede MyID CMS — Credential Lifecycle Backbone: Intercede’s MyID Credential Management System was selected as the authoritative platform for credential lifecycle governance. MyID integrated directly into the department’s existing IDMS and provided centralized issuance and lifecycle management for PIV smart cards, mobile credentials, and USB tokens. Full PKI/CA integration enabled certificate issuance, renewal, and revocation to occur within a single governed workflow, consolidating what had previously been fragmented, credential-specific processes.
- NextgenID Identity Stations — Self-Service Proofing at Scale: NextgenID’s remotely supervised Identity Stations addressed the department’s geographic access problem by enabling IAL3-compliant identity proofing at distributed locations without requiring in-person facility visits or scheduled appointments. Stations were deployed in three form factors to accommodate the range of operational environments across the department’s footprint:
  - Kiosk Form Factor: Freestanding stations deployed at high-traffic locations, with identity proofing sessions supervised remotely by trained agents.
  - Desktop Form Factor: A compact configuration suited to existing office environments and smaller facilities where a full kiosk footprint was not feasible.
  - Mobile Form Factor: A portable unit designed for temporary sites, remote locations, and operationally constrained environments where permanent infrastructure was unavailable.
- Seamless Integration Across the Identity Architecture: The two platforms were integrated across every critical layer of the department’s identity architecture:
  - Identity Stations -> MyID CMS: Real-time credential issuance and lifecycle actions.
  - MyID CMS -> Department IDMS: Syncs authoritative identity data.
  - MyID CMS -> PKI/CA Services: Full certificate lifecycle management.
Because both platforms were designed to integrate with existing federal infrastructure, the department was able to extend its credentialing capability without replacing its IDMS. This preserved prior investments while significantly expanding operational reach.
- Continuous Compliance and Lifecycle Integrity: Both platforms are architected for ongoing federal compliance. Intercede’s MyID is updated to align with evolving federal standards, while NextgenID’s Identity Stations maintain NIST SP 800-63 IAL3 alignment through structured remote agent supervision protocols. The combination allowed the department to sustain a continuous audit-ready posture across the full credential lifecycle without periodic system overhauls.
“One of the hardest parts of any federal identity programme is making sure every element of the overall solution works together. MyID is built to integrate openly with the PKI, IDMS, Certificate Authorities, Vetting Solutions and hardware devices that agencies already rely on, and this capability to orchestrate identity and credential management lifecycle is why MyID remains the cornerstone of credential management at scale for federal agencies.”
– Klaas van der Leest, CEO, Intercede
DEPLOYMENT:
Nationwide Rollout with Immediate Operational Impact
The contractor managed the enterprise integration of Intercede’s MyID CMS into the department’s existing IDMS and PKI services, coordinating the technical and programmatic elements of a high-availability deployment. In parallel, NextgenID positioned Identity Stations across field offices, sub-agency organizations, and operational sites identified as high-priority enrollment locations. The department’s own remote agents conduct supervised identity proofing sessions at each station, maintaining direct operational control while NextgenID provides ongoing software support and call center services.
- Centralized Credential Management at Scale: Intercede’s MyID CMS served as the single system of record for all credential types across the deployment. All issuance, renewal, PIN reset, and revocation actions, regardless of whether they originated at a staffed facility or a NextgenID Identity Station, passed through MyID. This centralization gave the department consistent lifecycle governance and a simplified audit reporting posture that did not depend on reconciling data across multiple systems.
- Self-Service Enrollment Without Appointments: With NextgenID’s remote agent-enabled Identity Stations in place, personnel no longer needed to schedule appointments or travel to a credentialing facility. Enrollees presented identity documents, completed biometric capture, and received credential issuance at locations near their duty station, a process that previously required significant advance planning and, in many cases, long-distance travel.
- Audit-Ready from Day One: From initial deployment, the integrated system provided a complete IAL3 identity proofing and credential management capability that met the department’s compliance requirements without requiring additional development. Comprehensive logs and audit trails maintained within MyID CMS gave auditors the documentation they needed, and the department did not need to build or customize additional reporting workflows to achieve compliance readiness.
RESULTS:
Reduced Costs, Faster Credentialing, and Mission-Ready Scalability
The combined deployment of Intercede’s MyID CMS and NextgenID’s Identity Stations produced measurable improvements across the department’s credentialing operations, addressing each of the four problems that had driven the modernization effort.
- Reduced Enrollment Time: Personnel no longer needed to travel or schedule appointments to receive credentials. NextgenID’s Identity Stations enabled on-demand enrollment at distributed locations, reducing time-to-credential and allowing employees to reach mission readiness without logistical delays.
- Significant Cost Savings: Removing the travel requirement for remote credentialing produced direct cost reductions. Routine enrollments and lifecycle actions that previously required staffed facility visits were handled at distributed stations, reducing administrative overhead and centralizing operational load within MyID’s governed workflows.
- Full Compliance with Federal Standards: Identity proofing conducted through NextgenID’s supervised stations met HSPD-12, FIPS 201, and NIST SP 800-63 IAL3 requirements. Comprehensive audit trails maintained automatically within Intercede’s MyID CMS provided the documentation needed for ongoing compliance without requiring the department to develop separate reporting workflows or instrumentation.
- Seamless Scalability: The architecture supports expansion without structural redesign. Additional locations, users, and credential types can be incorporated by deploying new NextgenID stations and extending MyID’s management scope, allowing the credentialing program to grow in proportion with the department’s operational footprint rather than becoming a bottleneck to it.
WHAT THIS PROVES:
Distributed Identity Proofing is the Blueprint for Modern Federal Credentialing
This engagement reflects a challenge common across federal agencies with distributed operations: legacy, appointment-only credentialing is less an identity problem than a logistics one. Agencies that have attempted to address it through internal development or single-vendor approaches have generally found that the operational overhead persists. This program demonstrates that purpose-built, integrated platforms, each focused on a distinct layer of the identity lifecycle, can together resolve what neither could address independently.
The engagement described here, combining Intercede’s MyID CMS for credential lifecycle governance with NextgenID’s multi-form-factor Identity Stations for distributed enrollment, delivered under a contractor’s program management, enabled a federal department to extend compliant credentialing across a geographically dispersed workforce without rebuilding its underlying infrastructure. The resulting capability is audit-ready, operationally sustainable, and designed to accommodate growth. For agencies navigating similar challenges at the intersection of distributed access, compliance requirements, and operational efficiency, this program offers a tested implementation model.
“Remote, supervised identity proofing shows that high assurance and high accessibility can coexist. This deployment proves to every federal agency that barriers to enrollment, not standards, were the real constraint.”
– Mohab Murrar, CEO, NextgenID
About NextgenID
NextgenID provides high-assurance identity proofing and enrollment through a nationwide network of secure Identity Stations and patented Onsite Attended technology. The company serves federal agencies requiring scalable, distributed credentialing that meets IAL3 standards without fixed facility dependencies. NextgenID can be reached at (888) 373-8648 or at www.nextgenid.com.
About Intercede
Intercede’s MyID Credential Management System is a FIPS 201-compliant platform for credential issuance, lifecycle management, and audit reporting across PIV smart cards, mobile credentials, and USB tokens. MyID is deployed in federal agencies and large enterprises requiring governed, scalable credential management integrated with existing PKI and identity infrastructure. More information is available at www.intercede.com.



